Various small grammar or spelling corrections
RRudder committed Nov 27, 2023
1 parent 749d754 commit 612aec5
Showing 6 changed files with 8 additions and 8 deletions.
Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

A Pseudo-Random Number Generator (PRNG) uses an initial seed value to generate random number through a complex algorithm. When this seed value is small in size, it is possible to bruteforce all possible seeed values. An attacker who can guess the seed value can predict or guess the random numbers generated by the PRNG. This can lead to unauthorized access if that seed value is used for authorization and authentication.
A Pseudo-Random Number Generator (PRNG) uses an initial seed value to generate random number through a complex algorithm. When this seed value is small in size, it is possible to bruteforce all possible seed values. An attacker who can guess the seed value can predict or guess the random numbers generated by the PRNG. This can lead to unauthorized access if that seed value is used for authorization and authentication.

## Business Impact

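Review bot: In the first sentence of the changed paragraph, "to generate random number through a complex algorithm" still has a number-agreement error that this spelling pass leaves in place; suggest "to generate random numbers". In the second sentence "bruteforce" would read better as "brute-force", and in the third "predict or guess the random numbers" repeats the "guess" used a few words earlier, so "predict" alone is enough.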
Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

Sensitive data exposure can occur when sensitive data is not encrypted, or behind an authorization barrier. When this information is exposed it can place sensitive data, such as secrets, at risk. This can occur due to a variety of scenarios such as not encrypting data, Secure Sockets Layer (SSL) not being used for authenticated pages, or passwords being stored using unsalted hashes. Examples of such data include, but are not limited to: personally identifiable information (PII), Social Security numbers, medical data, banking information, and login credentials.
Sensitive data exposure can occur when sensitive data is not encrypted, or behind an authorization barrier. When this information is exposed, it can place sensitive data, such as secrets, at risk. This can occur due to a variety of scenarios such as not encrypting data, Secure Sockets Layer (SSL) not being used for authenticated pages, or passwords being stored using unsalted hashes. Examples of such data include, but are not limited to: personally identifiable information (PII), Social Security numbers, medical data, banking information, and login credentials.

Sensitive data relating to the business was exposed. This data could be exfiltrated and used by an attacker to sell access to databases and database content, or use credentials identified to take over accounts, amongst other attack vectors.

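Review bot: The opening clause of the changed paragraph, "not encrypted, or behind an authorization barrier", still parses as if being behind an authorization barrier were a cause of exposure; suggest "not encrypted or not placed behind an authorization barrier". While this line is being touched, "Secure Sockets Layer (SSL)" could become "TLS" (or "SSL/TLS"), since TLS is the protocol that replaced SSL.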
Expand Up @@ -4,7 +4,7 @@

HTTP request methods are used to indicate the desired action to be performed in communications between a client and a server. For example, an endpoint will return a list of all methods allowed when sent a request using the OPTIONS method.

The OPTIONS HTTP method can be sent to this application and could be used by an attacker to gather information, or interact with an endpoint in a way that is unintended, gathering information about the system for further attacks.
The OPTIONS HTTP method can be sent to this application and could be used by an attacker to gather information or interact with an endpoint in a way that is unintended, gathering information about the system for further attacks.

## Business Impact

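Review bot: The changed sentence still makes the same point twice: "to gather information or interact with an endpoint in a way that is unintended, gathering information about the system for further attacks". Dropping the comma does not address that; suggest keeping one of the two, for example "to gather information about the system for further attacks, or to interact with an endpoint in a way that is unintended".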
Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

HTTP request methods are used to indicate the desired action to be performed in communications between a client and a server. It is possible to perform create, read, update, and delete, amongst other operations. While not a vulnerability within itself, an attacker can use different HTTP methods when they are enabled to gather information, or interact with an endpoint in a way that is unintended. This can lead to an attacker modifying the endpoint in unsafe ways and gathering further information about the system for further attacks.
HTTP request methods are used to indicate the desired action to be performed in communications between a client and a server. It is possible to perform create, read, update, and delete, amongst other operations. While not a vulnerability within itself, an attacker can use different HTTP methods when they are enabled to gather information or interact with an endpoint in a way that is unintended. This can lead to an attacker modifying the endpoint in unsafe ways and gathering further information about the system for further attacks.

## Business Impact

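Review bot: In the changed paragraph, "While not a vulnerability within itself" should read "in itself", and the closing sentence doubles up on "further" ("gathering further information about the system for further attacks"). Both sit on the line this commit already edits, so they can be fixed in the same pass.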
Expand Up @@ -4,7 +4,7 @@

HTTP request methods are used to indicate the desired action to be performed in communications between a client and a server. For example, the TRACE HTTP method is used to help applications debug by using a loopback message.

The TRACE HTTP method can be sent to this application and could be used by an attacker to gather information, or interact with an endpoint in a way that is unintended. It is possible for the TRACE method to be used in a cross-site tracing attack, a technique where a malicious attacker can bypass the `HttpOnly` tag, capture a session cookie, and gain control of a user's session.
The TRACE HTTP method can be sent to this application and could be used by an attacker to gather information or interact with an endpoint in a way that is unintended. It is possible for the TRACE method to be used in a cross-site tracing attack, a technique where a malicious attacker can bypass the `HttpOnly` tag, capture a session cookie, and gain control of a user's session.

## Business Impact

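Review bot: The second sentence of the changed paragraph calls `HttpOnly` a "tag"; it is a cookie attribute (often called a flag), so "bypass the `HttpOnly` cookie attribute" would be the accurate wording. "a malicious attacker" in the same sentence is also redundant; "an attacker" matches the rest of the paragraph.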
Expand Up @@ -2,13 +2,13 @@

## Overview

SQL injection (SQLi) is a vulnerability in which an application accepts input into an SQL statement and treats this input as part of the statement. Typically, SQLi allows a malicious attacker to view, modify or delete data that should not be able to be retrieved. An SQLi vulnerability was found for this host which allows an attacker to execute code and view data from the SQL service by submitting SQL queries.
SQL injection is a vulnerability in which an application accepts input into an SQL statement and treats this input as part of the statement. Typically, SQL injection allows a malicious attacker to view, modify or delete data that should not be able to be retrieved. An SQL injection vulnerability was found for this host which allows an attacker to execute code and view data from the SQL service by submitting SQL queries.

An attacker could exploit this lack of input sanitization to exfiltrate database data and files, tamper with the data, or perform resource exhaustion. Depending on the database and how it is configured, an attacker could potentially remotely execute code on the server running the database.

## Business Impact

Data exfiltration through a SQLi attack could lead to reputational damage or regulatory fines for the business due to an attacker’s unauthorized access to data. This could also result in reputational damage for the business through the impact to customers’ trust. The severity of the impact to the business is dependent on the sensitivity of the data being stored in, and transmitted by the application.
Data exfiltration through a SQL injection attack could lead to reputational damage or regulatory fines for the business due to an attacker’s unauthorized access to data. This could also result in reputational damage for the business through the impact to customers’ trust. The severity of the impact to the business is dependent on the sensitivity of the data being stored in, and transmitted by the application.

## Steps to Reproduce

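Review bot: With the abbreviation expanded, the article before "SQL" is now inconsistent across the changed lines: the Overview has "an SQL statement" and "An SQL injection vulnerability", while the Business Impact line has "a SQL injection attack". Pick one form and use it in both paragraphs. In the Business Impact line, "stored in, and transmitted by the application" also needs either a second comma after "by" or no comma at all.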
Expand All @@ -24,7 +24,7 @@ Data exfiltration through a SQLi attack could lead to reputational damage or reg

## Proof of Concept (PoC)

The screenshot below demonstrates the SQLi being executed:
The screenshot below demonstrates the SQL injection being executed:

{{screenshot}}


0 comments on commit 612aec5
