diff --git a/submissions/description/application_level_denial_of_service_dos/critical_impact_and_or_easy_difficulty/template.md b/submissions/description/application_level_denial_of_service_dos/critical_impact_and_or_easy_difficulty/template.md index 10014405..417e313c 100644 --- a/submissions/description/application_level_denial_of_service_dos/critical_impact_and_or_easy_difficulty/template.md +++ b/submissions/description/application_level_denial_of_service_dos/critical_impact_and_or_easy_difficulty/template.md @@ -12,7 +12,7 @@ Application-level DoS can result in indirect financial loss for the business thr ## Steps to Reproduce -1. Navigate to {{url}} +1. Navigate to the following URL: {{url}} 1. Use the following payload: {{payload}} @@ -25,6 +25,6 @@ Application-level DoS can result in indirect financial loss for the business thr ## Proof of Concept (PoC) -The screenshot below demonstrates the Denial of Service: +The screenshot(s) below demonstrate(s) proof of the vulnerability: {{screenshot}} diff --git a/submissions/description/application_level_denial_of_service_dos/high_impact_and_or_medium_difficulty/template.md b/submissions/description/application_level_denial_of_service_dos/high_impact_and_or_medium_difficulty/template.md index 1277748e..6bb3cd9b 100644 --- a/submissions/description/application_level_denial_of_service_dos/high_impact_and_or_medium_difficulty/template.md +++ b/submissions/description/application_level_denial_of_service_dos/high_impact_and_or_medium_difficulty/template.md @@ -12,7 +12,7 @@ Application-level DoS can result in indirect financial loss for the business thr ## Steps to Reproduce -1. Navigate to {{url}} +1. Navigate to the following URL: {{url}} 1. Use the following payload: {{payload}} diff --git a/submissions/description/cross_site_scripting_xss/stored/non_admin_to_anyone/template.md b/submissions/description/cross_site_scripting_xss/stored/non_admin_to_anyone/template.md index 252a8ddc..2af66a8b 100644 
--- a/submissions/description/cross_site_scripting_xss/stored/non_admin_to_anyone/template.md +++ b/submissions/description/cross_site_scripting_xss/stored/non_admin_to_anyone/template.md @@ -2,11 +2,11 @@ ## Overview of the Vulnerability -Stored Cross-Site Scripting (XSS) is a type of injection attack where malicious JavaScript is injected into a website. When a user visits the affected web page, the Javascript executes within that user’s browser in the context of this domain. Stored XSS can be found on this domain which allows an attacker to submit data to a form and escalate from no privileges to any user type, which could include an Administrator level user. +Stored Cross-Site Scripting (XSS) is a type of injection attack where malicious JavaScript is injected into a website. When a user visits the affected web page, the JavaScript executes within that user’s browser in the context of this domain. Stored XSS can be found on this domain which allows an attacker to submit data to a form and escalate from no privileges to any user type, which could include an Administrator level user. When an attacker can control code that is executed within a user’s browser, they are able to carry out any actions that the user is able to perform, including accessing any of the user's data and modifying information within the user’s permissions. This can result in modification, deletion, or theft of data, including accessing or deleting files, or stealing session cookies which an attacker could use to hijack a user’s session. -to create a crafted JavaScript payload. When a user navigates to the page, the arbitrary Javascript executes within that user’s browser in the context of this domain. +to create a crafted JavaScript payload. When a user navigates to the page, the arbitrary JavaScript executes within that user’s browser in the context of this domain. ## Business Impact
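Review bot: In the critical_impact_and_or_easy_difficulty DoS template, hunk `@@ -25,6 +25,6 @@`, the new PoC lead-in "The screenshot(s) below demonstrate(s) proof of the vulnerability:" is wordier than the line it replaces and no longer names the finding. "demonstrate(s) proof of" is redundant; something like "The screenshot(s) below demonstrate(s) the Denial of Service:" keeps the plural handling without losing the specifics. Also, the diff for high_impact_and_or_medium_difficulty/template.md contains only the Steps to Reproduce hunk, so if that template carries the same PoC sentence, the two DoS templates will now read differently. Please confirm that is intended or apply the same wording there.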
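Review bot: In stored/non_admin_to_anyone/template.md, hunk `@@ -2,11 +2,11 @@`, the last changed line still opens with a sentence fragment: "to create a crafted JavaScript payload." has no subject or verb before it, so the paragraph reads as if its beginning was lost. Since this change already touches that line for the "Javascript" to "JavaScript" casing fix, please restore or rewrite the start of the sentence in the same commit. Minor, in the unchanged context paragraph of the same hunk: "the user's data" uses a straight apostrophe while the rest of the file uses the curly form ("user’s"); pick one for consistency.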