FP: lazy load plugin - Githubissues

topscoder / nuclei-wordfence-cve

The EXCLUSIVE Collection of 40,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.

922 stars 116 forks source link

FP: lazy load plugin #14

Closed joostgrunwald closed 11 months ago

joostgrunwald commented 1 year ago

dsl:

compare_versions(version, '<= 0.6.1')

The check hits on version 0.6.1, while this is the fixed version. source: https://www.acunetix.com/vulnerabilities/web/lazy-load-cross-site-scripting-0-6/

topscoder commented 1 year ago

Thanks for reporting @joostgrunwald !

joostgrunwald commented 1 year ago

This seems to be a more frequent issue in the nuclei set, maybe CVE --> Parse NVD api for CVE query --> get exact bounds --> adjust template for that automatically. Could be a good addition in the future, would do it myself if I had the time :)

topscoder commented 1 year ago

Could you send some of the problematic ones? I will check if it is a bug in the code or in the wordfence API. I like to stick to a single source of truth to avoid unnecessary complexity.