hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

Expand intel coverage and refresh monitoring

浏览代码
这个提交包含在:
hao
2026-03-18 14:18:09 -07:00
父节点 87008d1bd5
当前提交 00d828d090
修改 3658 个文件,包含 124245 行新增13073 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

39
07-framework-security/cms/directus/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `directus`
- 分类: `cms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `29`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:33:29+00:00`
- 待人工/缺浏览器证据: `29`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束
@@ -31,4 +31,35 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Open redirect in SAML | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| directus | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Improper Permission Handling on Deleted Fields in Directus | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Conceal fields are searchable if read permissions enabled | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Information Leakage: Existing Collections | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| User Enumeration via Password Reset Timing Attack | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
344 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
46 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Store XSS | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Missing permission checks for manual trigger Flows | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
40 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| directus | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unauthenticated file upload and file modification due to lacking input sanitization | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| S3 assets become unavailable after a burst of malformed transformations | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Directus version number disclosure | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |

39
07-framework-security/cms/discourse/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `discourse`
- 分类: `cms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `30`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:33:29+00:00`
- 待人工/缺浏览器证据: `30`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束
@@ -26,10 +26,41 @@
- `official` [Discourse Meta Security](https://meta.discourse.org/c/bug/security/40) (mode=core)
- `official` [Discourse Release Notes RSS](https://meta.discourse.org/tag/release-notes.rss) (mode=core)
- `official` [Discourse Security RSS](https://meta.discourse.org/tag/security.rss) (mode=core)
- `official` [GitHub Discourse Advisories](https://github.com/advisories) (ecosystem=rubygems; mode=core)
- `ecosystem-authority` [OSV Discourse](https://osv.dev/) (mode=core)
## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| 3.5.0.beta5: Improved admin search, AI forum research, easier site appearance configuration, and simpler plugin development | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 28 May 2025 05:22:52 +0000` | - |
| 3.4.4: Bug fix and UX release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 28 May 2025 05:22:48 +0000` | - |
| January 2026 Releases | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 28 Jan 2026 17:35:34 +0000` | - |
| Release v2025.11.0: AI translations improvements, chat search, new review queue, and improvements for posts with images | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 26 Nov 2025 11:02:53 +0000` | - |
| 3.4.2: Security and bug fix release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 26 Mar 2025 02:46:36 +0000` | - |
| 3.5.0.beta2: Review Queue, Welcome Banner, Admin Interface, and more | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 26 Mar 2025 02:46:32 +0000` | - |
| 3.4.6: Security fix release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 25 Jun 2025 03:38:49 +0000` | - |
| 3.5.0.beta7: Smart link editing, better invite tracking, unique icons, and fixing name management | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 25 Jun 2025 03:38:45 +0000` | - |
| 3.4.0.beta4: Redesigned emojis, exporting user data, flagging illegal content and more | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 05 Feb 2025 14:26:56 +0000` | - |
| 3.3.4: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 05 Feb 2025 14:26:22 +0000` | - |
| 3.5.1: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 30 Sep 2025 02:59:22 +0000` | - |
| 3.6.0.beta1: Color palette editing, user fields on sign up, themeable site setting discovery, images with Google AI, and reliable drafts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 30 Sep 2025 02:59:19 +0000` | - |
| Release v3.5.3: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 30 Dec 2025 15:07:18 +0000` | - |
| Release v2025.11.1: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 30 Dec 2025 15:07:04 +0000` | - |
| Release v2025.12.0: Discourse Rewind, new review queue and UI to create tags, Chat channel customisation, and live PR statuses | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 30 Dec 2025 15:06:45 +0000` | - |
| 3.4.7: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 29 Jul 2025 03:46:36 +0000` | - |
| 3.5.0.beta8: Bundled plugins, a new theme, better color management, powerful filtering, and advanced image controls | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 29 Jul 2025 03:46:34 +0000` | - |
| 3.4.3: Bug fix and UX release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 29 Apr 2025 04:43:02 +0000` | - |
| 3.5.0beta3: Full admin search, better font selection, more robust site search, category personalization, and easier configuration management | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 29 Apr 2025 04:43:00 +0000` | - |
| 3.5.2: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 28 Oct 2025 07:33:40 +0000` | - |
| 3.6.0.beta2: Built-in palette editing, live AI translation progress, and better wiki tracking | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 28 Oct 2025 07:33:37 +0000` | - |
| 3.5.0: Major release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 19 Aug 2025 08:07:12 +0000` | - |
| 3.5.0.beta9: Improving color management, core welcome banner, and staff action log filters | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 19 Aug 2025 08:07:02 +0000` | - |
| 3.4.0: Major Release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 04 Feb 2025 17:07:48 +0000` | - |
| 3.4.0.beta3: Check for updates on What’s New page, filter by user in the review queue, threading in Chat DMs and group chats, and more | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 19 Dec 2024 16:53:54 +0000` | - |
| 3.4.1: Bug fix and UX release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 24 Feb 2025 05:42:05 +0000` | - |
| 3.5.0.beta1: Dark/light mode selector, better flagging info, and encouraging more valuable conversations | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 24 Feb 2025 05:42:02 +0000` | - |
| 3.5.0.beta6 Security fixes release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 09 Jun 2025 05:30:17 +0000` | - |
| 3.4.5 Security fixes release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 09 Jun 2025 03:57:43 +0000` | - |
| 3.5.0.beta4 Security fix release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 05 May 2025 17:04:14 +0000` | - |

2
07-framework-security/cms/drupal/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `70`
- 最近渲染时间: `2026-03-18T18:33:21+00:00`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束

35
07-framework-security/cms/ghost/INDEX.md
查看文件

@@ -4,15 +4,15 @@
- 系统 ID: `ghost`
- 分类: `cms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 覆盖策略: `history-full`
- 总案例数: `23`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:33:29+00:00`
- 待人工/缺浏览器证据: `23`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束
@@ -31,4 +31,29 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Issues
63 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Incomplete CSRF protections around OTC use | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SQL Injection in Members Activity Feed | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SQL injection in Content API | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| TryGhost | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SSRF via External Media Inliner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
307 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Improper authentication allows access to member information and actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Staff 2FA bypass | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| XSS via malicious Portal preview links | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Staff Token permission bypass | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Ghost | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
18 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Remote Code Execution via Malicious Themes | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SSRF via oEmbed Bookmark | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |

2
07-framework-security/cms/ghost/README.md
查看文件

@@ -3,7 +3,7 @@
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
- 分类: `cms`
- 覆盖层级: `rolling-24m`
- 覆盖层级: `history-full`
- Advisory 模式: core
- 输出目录: `07-framework-security/cms/ghost`
- 修复主题: authz-server-side-recheck, xss-output-encoding, token-cookie-storage

2
07-framework-security/cms/joomla/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `100`
- 最近渲染时间: `2026-03-18T18:33:29+00:00`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束

78
07-framework-security/cms/mediawiki/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `mediawiki`
- 分类: `cms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `70`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:33:29+00:00`
- 待人工/缺浏览器证据: `70`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束
@@ -25,10 +25,80 @@
## 来源
- `official` [MediaWiki Security Releases](https://www.mediawiki.org/wiki/Security) (mode=core)
- `official` [MediaWiki Announce RSS](https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/feed/) (mode=core)
- `official` [NVD MediaWiki](https://nvd.nist.gov/vuln/search) (keyword=MediaWiki; mode=core)
## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.14/1.43.4/1.44.1) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 22 Oct 2025 21:44:43 +0000` | - |
| [MediaWiki-announce] Security and maintenance release: 1.39.16 / 1.43.6 / 1.44.3 / 1.45.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 10 Dec 2025 22:22:38 +0000` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.13/1.42.7/1.43.2) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 09 Jul 2025 16:53:41 +0000` | - |
| [MediaWiki-announce] Security pre-release announcement: 1.39.12 / 1.42.6 / 1.43.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 09 Apr 2025 20:57:04 +0000` | - |
| [MediaWiki-announce] Re: MediaWiki 1.44-beta has been branched | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 07 May 2025 07:47:35 +0000` | - |
| [MediaWiki-announce] Announcing MediaWiki 1.44.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 02 Jul 2025 21:30:40 +0000` | - |
| [MediaWiki-announce] Security pre-release announcement: 1.39.14 / 1.43.4 / 1.44.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 01 Oct 2025 20:33:01 +0000` | - |
| [MediaWiki-announce] Maintenance release: MediaWiki 1.39.17 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 16 Dec 2025 18:21:00 +0000` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.11/1.41.5/1.42.4) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 14 Jan 2025 19:41:18 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.45-alpha will be branched as a beta on 28-10-2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 07 Oct 2025 15:18:36 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.44-beta has been branched | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 06 May 2025 19:13:18 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.45-beta has been branched | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 04 Nov 2025 13:27:41 +0000` | - |
| [MediaWiki-announce] Maintenance release: MediaWiki 1.43.3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 01 Jul 2025 15:18:58 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.45.0-rc.0 is ready for testing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 20 Nov 2025 13:30:34 +0000` | - |
| [MediaWiki-announce] Security and maintenance release: 1.39.12 / 1.42.6 / 1.43.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 10 Apr 2025 16:23:30 +0000` | - |
| [MediaWiki-announce] Security and maintenance release: 1.39.14 / 1.43.4 / 1.44.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 02 Oct 2025 17:37:08 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.41 is End of Life | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Sat, 21 Dec 2024 10:46:44 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.42 is End of Life | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 30 Jun 2025 23:15:16 +0000` | - |
| [MediaWiki-announce] Security and maintenance release: 1.39.13 / 1.42.7 / 1.43.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 30 Jun 2025 18:02:30 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.39 is End of Life | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 29 Dec 2025 20:36:35 +0000` | - |
| [MediaWiki-announce] Security pre-release announcement: 1.39.16 / 1.43.6 / 1.44.3 / 1.45.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 08 Dec 2025 23:43:45 +0000` | - |
| [MediaWiki-announce] Announcing MediaWiki 1.45.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 08 Dec 2025 17:01:47 +0000` | - |
| [MediaWiki-announce] Maintenance release: MediaWiki 1.42.5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 03 Feb 2025 17:39:30 +0000` | - |
| [MediaWiki-announce] Security pre-release announcement: 1.39.13 / 1.42.7 / 1.43.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 27 Jun 2025 22:25:47 +0000` | - |
| [MediaWiki-announce] Maintenance release: MediaWiki 1.39.11, 1.41.5 and 1.42.4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 20 Dec 2024 17:57:58 +0000` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.12/1.42.6/1.43.1) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 11 Apr 2025 20:47:11 +0000` | - |
| [MediaWiki-announce] Re: The Recent MediaWiki Extensions and Skins Security Release Supplement | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 11 Apr 2025 20:34:58 +0000` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.9/1.41.3/1.42.2) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 11 Apr 2025 16:56:23 +0000` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.16/1.43.6/1.44.3/1.45.1) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 09 Jan 2026 17:54:29 +0000` | - |
| [MediaWiki-announce] Security and maintenance release: 1.39.15 / 1.43.5 / 1.44.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 03 Oct 2025 18:45:04 +0000` | - |
| CVE-2010-1190 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2010-1189 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2009-4589 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2009-0737 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5688 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5687 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5252 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5250 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5249 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-4408 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-1318 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-0460 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-4883 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-4828 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1054 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1055 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0894 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0788 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0177 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-2895 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2611 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1498 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0322 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-4501 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-4031 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3165 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3166 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3167 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2396 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2215 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1888 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-0534 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-0536 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1245 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-0535 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1405 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2152 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2185 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2186 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2187 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |

47
07-framework-security/cms/moodle/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `moodle`
- 分类: `cms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `40`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:33:29+00:00`
- 待人工/缺浏览器证据: `40`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束
@@ -31,4 +31,43 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| CVE-2008-3325 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-1502 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-0123 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-6538 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-3555 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1647 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1429 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-7048 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6625 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6626 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-5219 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-4935 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4936 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4937 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4938 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4939 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4940 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4941 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4942 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4943 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4784 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4785 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4786 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3951 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0146 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0147 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3648 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3649 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2247 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1424 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1425 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2232 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2233 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2234 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2235 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2236 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2237 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1711 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-0725 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1978 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |

37
07-framework-security/cms/strapi/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `strapi`
- 分类: `cms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `26`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:33:29+00:00`
- 待人工/缺浏览器证据: `26`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束
@@ -31,4 +31,33 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
16 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
214 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unauthorized Access to Private Fields via parms.lookup | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Weak Password Length Validation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Server - Side Request Forgery in Webhook function | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Leaking data via relations via the Admin Panel | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3rd party token leak and authentication bypass | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial-of-Service via Improper Exception Handling | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
71.6k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unauthorized Access to Private Fields in User Registration API | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
573 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Leaking sensitive user information, user reset password, tokens via content-manager views | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Field level permissions not being respected in relationship title | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| strapi | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CORS Misconfiguration Leads to Sensitive Data Exposure | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| strapi | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |

2
07-framework-security/cms/wordpress/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `140`
- 最近渲染时间: `2026-03-18T18:33:15+00:00`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束