Commit

Merge branch 'master' into Pen-Test-Reporting-Fixes
RRudder authored Nov 24, 2023
2 parents 04536c6 + f188222 commit 0587f58
Showing 3 changed files with 5 additions and 5 deletions.
@@ -12,7 +12,7 @@ Application-level DoS can result in indirect financial loss for the business thr

## Steps to Reproduce

1. Navigate to {{url}}
1. Navigate to the following URL: {{url}}
1. Use the following payload:

{{payload}}
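Review bot: the `{{payload}}` placeholder that follows "Use the following payload:" sits on a bare line, so once the template is filled in, a payload containing markdown characters (angle brackets, underscores, backticks) will be rendered rather than shown literally; wrap the placeholder in a fenced code block so the report reproduces the payload exactly as it was sent. The wording change to "Navigate to the following URL: {{url}}" is fine and matches the imperative style of the other steps.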
@@ -25,6 +25,6 @@ Application-level DoS can result in indirect financial loss for the business thr

## Proof of Concept (PoC)

The screenshot below demonstrates the Denial of Service:
The screenshot(s) below demonstrate(s) proof of the vulnerability:

{{screenshot}}
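Review bot: replacing "demonstrates the Denial of Service" with "demonstrate(s) proof of the vulnerability" removes the only finding-specific guidance this section had; a DoS proof of concept should show the service becoming unavailable or degraded (response times, error rates, resource consumption), which a generic "proof of the vulnerability" line no longer prompts for. Keep the DoS wording and drop the awkward "(s)" construction, e.g. "The following screenshots demonstrate the Denial of Service:".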
@@ -12,7 +12,7 @@ Application-level DoS can result in indirect financial loss for the business thr

## Steps to Reproduce

1. Navigate to {{url}}
1. Navigate to the following URL: {{url}}
1. Use the following payload:

{{payload}}
@@ -2,11 +2,11 @@

## Overview of the Vulnerability

Stored Cross-Site Scripting (XSS) is a type of injection attack where malicious JavaScript is injected into a website. When a user visits the affected web page, the Javascript executes within that user’s browser in the context of this domain. Stored XSS can be found on this domain which allows an attacker to submit data to a form and escalate from no privileges to any user type, which could include an Administrator level user.
Stored Cross-Site Scripting (XSS) is a type of injection attack where malicious JavaScript is injected into a website. When a user visits the affected web page, the JavaScript executes within that user’s browser in the context of this domain. Stored XSS can be found on this domain which allows an attacker to submit data to a form and escalate from no privileges to any user type, which could include an Administrator level user.

When an attacker can control code that is executed within a user’s browser, they are able to carry out any actions that the user is able to perform, including accessing any of the user's data and modifying information within the user’s permissions. This can result in modification, deletion, or theft of data, including accessing or deleting files, or stealing session cookies which an attacker could use to hijack a user’s session.

to create a crafted JavaScript payload. When a user navigates to the page, the arbitrary Javascript executes within that user’s browser in the context of this domain.
to create a crafted JavaScript payload. When a user navigates to the page, the arbitrary JavaScript executes within that user’s browser in the context of this domain.

## Business Impact

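Review bot: the line "to create a crafted JavaScript payload. When a user navigates to the page, ..." starts mid-sentence, so the template is missing the opening clause that names what the attacker used (the rest of this template carries such specifics in {{...}} placeholders); since this commit only corrects the "Javascript" spelling on that line, the truncated sentence will survive into every generated report. Its second half also repeats the overview paragraph above ("the JavaScript executes within that user’s browser in the context of this domain") almost verbatim, so either restore the opening clause or fold the sentence into the overview. The "Javascript" to "JavaScript" corrections themselves are right.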

0 comments on commit 0587f58
