From 5639928760088b777a874235a9cb7c71ebf61e25 Mon Sep 17 00:00:00 2001 From: Brendan McDevitt Date: Sun, 22 May 2022 18:23:57 -0500 Subject: [PATCH] added csw to captured data example --- .../cnas_with_html_advisories.md | 45 ++++++++++++++++++- 1 file changed, 43 insertions(+), 2 deletions(-) diff --git a/doc/cna_readme_notes/cnas_with_html_advisories.md b/doc/cna_readme_notes/cnas_with_html_advisories.md index 582a522..1edd776 100644 --- a/doc/cna_readme_notes/cnas_with_html_advisories.md +++ b/doc/cna_readme_notes/cnas_with_html_advisories.md 
@@ -534,9 +534,50 @@ Mitigation heading as well seems to be common across alerts/advisories. ### Advisory https://cybersecurityworks.com/zerodays-vulnerability-list/ #### Notes -Paginated list of vulns. +Paginated list of vulns. Each vuln has a Proof of Concept section that has screenshots and step by step ways to exploit #### Captured Data Potential From Advisory - +``` +{ + :bulletin_id => '2021-CSW-11-1054', + :affected_vendor => 'X2CRM', + :affected_product => 'X2CRM', + :affected_version => 'Version 8.0', + :status => 'fixed', + :date => 'Dec 1, 2021', + :bug_name => 'Stored Cross-Site Scripting', + :cve_number => 'CVE-2021-33853', + :cwe_id => 'CWE-79', + :cvssv3_score => '6.1', + :severity => 'Medium', + :description => 'A Cross-Site Scripting (XSS) attack can cause arbitrary code (javascript) to run in a user’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS payload is executed when the user attempts to access any page of the CRM.', + :proof_of_concept => { + :issue => 'Stored Cross-Site Scripting', + :step_1 => 'Login to the X2CRM as administrator.', + :step_2 => 'Go to the “Administrator” tool and click on the “User Interface Management’’ submenu and select “Add Top Bar Link”.', + :step_3 => 'Enter “” in the “Link Name” field and submit the request.', + :step_4 => 'By accessing any page within the CRM, the payload will be executed.' + }, + :impact => [ + 'Inject malicious code into the vulnerable variable and exploit the application through the Cross-Site Scripting vulnerability.', + 'Modify the code and get the session information of other users', + 'Compromise the user machine.' 
+ ], + :remediations => [ + 'Perform context-sensitive encoding of entrusted input before echoing back to a browser using an encoding library throughout the application.', + 'Implement input validation for special characters on all the variables are reflected in the browser and stored in the database.', + 'Explicitly set the character set encoding for each page generated by the webserver.', + 'Encode dynamic output elements and filter specific characters in dynamic elements.' + ], + :timeline => { + :november_11_2021 => 'Discovered in X2CRM 8.0 Product', + :december_1_2021 => 'CSW team reported to Vendor about the vulnerability.', + :january_20_2022 => 'X2CRM team postponed the release of X2CRM 8.5.', + :february_1_2022_01 => 'Vendor fixed the issue.', + :february_1_2022_02 => 'CSW assigned the CVE Identifier (CVE-2021-33853).' + }, + :discovered_by => 'Cyber Security Works Pvt. Ltd.' +} +``` ## Dahua Technologies ### Advisory https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice
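Review bot: In the `:timeline` hash at the end of the example, the keys `:february_1_2022_01` and `:february_1_2022_02` pack both the date and an ordering suffix into the symbol name, which cannot be parsed or sorted as a date and needs an invented suffix whenever two events fall on the same day. Consider an array of entries such as `{ :date => 'Feb 1, 2022', :event => 'Vendor fixed the issue.' }`, using the same date format as the top-level `:date` field. Separately, `:step_3` reads `'Enter “” in the “Link Name” field and submit the request.'` with nothing between the quotes, so the captured step does not record what was entered; if the value was left out on purpose, say so in the Notes section, otherwise a labelled placeholder would make the gap explicit. In `:remediations`, "entrusted input" looks like it should be "untrusted input", and in `:step_2` the closing quote after "User Interface Management" is two apostrophes rather than a closing double quote; both are worth checking against the advisory text before this is used as the reference example.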