added cve tag to xml file

2013-08-23 14:02:09 +02:00
parent 55089646c2
commit 1f5cb4b0a0
7 changed files with 126 additions and 52 deletions
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -1388,9 +1388,10 @@
      <type>XSS</type>
    </vulnerability>
    <vulnerability>
-      <title>[CVE-2013-1636] WordPress pretty-link plugin XSS in SWF</title>
+      <title>WordPress pretty-link plugin XSS in SWF</title>
      <reference>http://seclists.org/bugtraq/2013/Feb/100</reference>
      <reference>http://packetstormsecurity.com/files/120433/wpprettylink163-xss.txt</reference>
      <cve>2013-1636</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
@@ -1467,8 +1468,11 @@
  <plugin name="download-monitor">
    <vulnerability>
-      <title>CVE-2013-5098, CVE-2013-3262: Download Monitor &lt; 3.3.6.2 Cross Site Scripting</title>
+      <title>Download Monitor &lt; 3.3.6.2 Cross Site Scripting</title>
-      <reference>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5098</reference>
+      <reference>http://www.securityfocus.com/bid/61407</reference>
      <reference>http://secunia.com/advisories/53116</reference>
      <cve>2013-5098</cve>
      <cve>2013-3262</cve>
      <type>XSS</type>
      <fixed_in>3.3.6.2</fixed_in>
    </vulnerability>
@@ -2290,9 +2294,10 @@
      <type>MULTI</type>
    </vulnerability>
    <vulnerability>
-      <title>NextGEN Gallery 1.9.12 Arbitrary File Upload (CVE-2013-3684)</title>
+      <title>NextGEN Gallery 1.9.12 Arbitrary File Upload</title>
      <reference>http://wordpress.org/plugins/nextgen-gallery/changelog/</reference>
      <reference>http://osvdb.org/94232</reference>
      <cve>2013-3684</cve>
      <type>UPLOAD</type>
      <fixed_in>1.9.13</fixed_in>
    </vulnerability>
@@ -4128,223 +4133,249 @@
  <plugin name="zopim-live-chat">
    <vulnerability>
-      <title>CVE-2013-1808: zopim-live-chat &lt;= 1.2.5 XSS in ZeroClipboard</title>
+      <title>zopim-live-chat &lt;= 1.2.5 XSS in ZeroClipboard</title>
      <reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="ed2k-link-selector">
    <vulnerability>
-      <title>CVE-2013-1808: ed2k-link-selector &lt;= 1.1.7 XSS in ZeroClipboard</title>
+      <title>ed2k-link-selector &lt;= 1.1.7 XSS in ZeroClipboard</title>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="wppygments">
    <vulnerability>
-      <title>CVE-2013-1808: wppygments &lt;= 0.3.2 XSS in ZeroClipboard</title>
+      <title>wppygments &lt;= 0.3.2 XSS in ZeroClipboard</title>
      <reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="copy-in-clipboard">
    <vulnerability>
-      <title>CVE-2013-1808: copy-in-clipboard &lt;= 0.8 XSS in ZeroClipboard</title>
+      <title>copy-in-clipboard &lt;= 0.8 XSS in ZeroClipboard</title>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="search-and-share">
    <vulnerability>
-      <title>CVE-2013-1808: search-and-share &lt;= 0.9.3 XSS in ZeroClipboard</title>
+      <title>search-and-share &lt;= 0.9.3 XSS in ZeroClipboard</title>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="placester">
    <vulnerability>
-      <title>CVE-2013-1808: placester &lt;= 0.3.12 XSS in ZeroClipboard</title>
+      <title>placester &lt;= 0.3.12 XSS in ZeroClipboard</title>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="drp-coupon">
    <vulnerability>
-      <title>CVE-2013-1808: drp-coupon &lt;= 2.1 XSS in ZeroClipboard</title>
+      <title>drp-coupon &lt;= 2.1 XSS in ZeroClipboard</title>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="coupon-code-plugin">
    <vulnerability>
-      <title>CVE-2013-1808: coupon-code-plugin &lt;= 2.1 XSS in ZeroClipboard</title>
+      <title>coupon-code-plugin &lt;= 2.1 XSS in ZeroClipboard</title>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="q2w3-inc-manager">
    <vulnerability>
-      <title>CVE-2013-1808: q2w3-inc-manager &lt;= 2.3.1 XSS in ZeroClipboard</title>
+      <title>q2w3-inc-manager &lt;= 2.3.1 XSS in ZeroClipboard</title>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="scorerender">
    <vulnerability>
-      <title>CVE-2013-1808: scorerender &lt;= 0.3.4 XSS in ZeroClipboard</title>
+      <title>scorerender &lt;= 0.3.4 XSS in ZeroClipboard</title>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="wp-link-to-us">
    <vulnerability>
-      <title>CVE-2013-1808: wp-link-to-us &lt;= 2.0 XSS in ZeroClipboard</title>
+      <title>wp-link-to-us &lt;= 2.0 XSS in ZeroClipboard</title>
      <reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="buckets">
    <vulnerability>
-      <title>CVE-2013-1808: buckets &lt;= 0.1.9.2 XSS in ZeroClipboard</title>
+      <title>buckets &lt;= 0.1.9.2 XSS in ZeroClipboard</title>
      <reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="java-trackback">
    <vulnerability>
-      <title>CVE-2013-1808: java-trackback &lt;= 0.2 XSS in ZeroClipboard</title>
+      <title>java-trackback &lt;= 0.2 XSS in ZeroClipboard</title>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="slidedeck2">
    <vulnerability>
-      <title>CVE-2013-1808: slidedeck2 &lt;= 2.1.20130228 XSS in ZeroClipboard</title>
+      <title>slidedeck2 &lt;= 2.1.20130228 XSS in ZeroClipboard</title>
      <reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="wp-clone-by-wp-academy">
    <vulnerability>
-      <title>CVE-2013-1808: wp-clone-by-wp-academy &lt;= 2.1.1 XSS in ZeroClipboard</title>
+      <title>wp-clone-by-wp-academy &lt;= 2.1.1 XSS in ZeroClipboard</title>
      <reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="tiny-url">
    <vulnerability>
-      <title>CVE-2013-1808: tiny-url &lt;= 1.3.2 XSS in ZeroClipboard</title>
+      <title>tiny-url &lt;= 1.3.2 XSS in ZeroClipboard</title>
      <reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="thethe-layout-grid">
    <vulnerability>
-      <title>CVE-2013-1808: thethe-layout-grid &lt;= 1.0.0 XSS in ZeroClipboard.</title>
+      <title>thethe-layout-grid &lt;= 1.0.0 XSS in ZeroClipboard.</title>
      <reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="paypal-digital-goods-monetization-powered-by-cleeng">
    <vulnerability>
-      <title>CVE-2013-1808: paypal-digital-goods-monetization-powered-by-cleeng &lt;= 2.2.13 XSS in ZeroClipboard</title>
+      <title>paypal-digital-goods-monetization-powered-by-cleeng &lt;= 2.2.13 XSS in ZeroClipboard</title>
      <reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="mobileview">
    <vulnerability>
-      <title>CVE-2013-1808: mobileview &lt;= 1.0.7 XSS in ZeroClipboard</title>
+      <title>mobileview &lt;= 1.0.7 XSS in ZeroClipboard</title>
      <reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="jaspreetchahals-coupons-lite">
    <vulnerability>
-      <title>CVE-2013-1808: jaspreetchahals-coupons-lite &lt;= 2.1 XSS in ZeroClipboard</title>
+      <title>jaspreetchahals-coupons-lite &lt;= 2.1 XSS in ZeroClipboard</title>
      <reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="geshi-source-colorer">
    <vulnerability>
-      <title>CVE-2013-1808: geshi-source-colorer &lt;= 0.13 XSS in ZeroClipboard</title>
+      <title>geshi-source-colorer &lt;= 0.13 XSS in ZeroClipboard</title>
      <reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="click-to-copy-grab-box">
    <vulnerability>
-      <title>CVE-2013-1808: click-to-copy-grab-box &lt;= 0.1.1 XSS in ZeroClipboard</title>
+      <title>click-to-copy-grab-box &lt;= 0.1.1 XSS in ZeroClipboard</title>
      <reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="cleeng">
    <vulnerability>
-      <title>CVE-2013-1808: cleeng &lt;= 2.3.2 XSS in ZeroClipboard</title>
+      <title>cleeng &lt;= 2.3.2 XSS in ZeroClipboard</title>
      <reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="bp-code-snippets">
    <vulnerability>
-      <title>CVE-2013-1808: bp-code-snippets &lt;= 2.0 XSS in ZeroClipboard</title>
+      <title>bp-code-snippets &lt;= 2.0 XSS in ZeroClipboard</title>
      <reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
      <reference>http://1337day.com/exploit/20396</reference>
      <cve>2013-1808</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="snazzy-archives">
    <vulnerability>
-      <title>CVE-2009-4168: snazzy-archives &lt;= 1.7.1 XSS vulnerability</title>
+      <title>snazzy-archives &lt;= 1.7.1 XSS vulnerability</title>
      <reference>http://www.openwall.com/lists/oss-security/2013/03/10/3</reference>
      <cve>2009-4168</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="vkontakte-api">
    <vulnerability>
-      <title>CVE-2009-4168: vkontakte-api XSS vulnerability</title>
+      <title>vkontakte-api XSS vulnerability</title>
      <reference>http://www.openwall.com/lists/oss-security/2013/03/11/1</reference>
      <cve>2009-4168</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
@@ -4436,7 +4467,7 @@
      <title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
      <reference>http://www.exploit-db.com/exploits/24492/</reference>
      <reference>http://secunia.com/advisories/37903</reference>
-      <reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4140</reference>
+      <cve>2009-4140</cve>
      <type>UPLOAD</type>
      <fixed_in>0.5</fixed_in>
    </vulnerability>
@@ -4538,7 +4569,7 @@
    <vulnerability>
      <title>facebook-members CSRF</title>
      <reference>https://secunia.com/advisories/52962/</reference>
-      <reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2703</reference>
+      <cve>2013-2703</cve>
      <type>CSRF</type>
      <fixed_in>5.0.5</fixed_in>
    </vulnerability>
@@ -4548,7 +4579,7 @@
    <vulnerability>
      <title>foursquare-checkins CSRF</title>
      <reference>https://secunia.com/advisories/53151/</reference>
-      <reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2709</reference>
+      <cve>2013-2709</cve>
      <type>CSRF</type>
      <fixed_in>1.3</fixed_in>
    </vulnerability>
@@ -4567,7 +4598,7 @@
    <vulnerability>
      <title>all-in-one-webmaster CSRF</title>
      <reference>https://secunia.com/advisories/52877/</reference>
-      <reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2696</reference>
+      <cve>2013-2696</cve>
      <type>CSRF</type>
      <fixed_in>8.2.4</fixed_in>
    </vulnerability>
@@ -4619,7 +4650,7 @@
    <vulnerability>
      <title>easy-adsense-lite CSRF</title>
      <reference>https://secunia.com/advisories/52953/</reference>
-      <reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2702</reference>
+      <cve>2013-2702</cve>
      <type>CSRF</type>
      <fixed_in>6.10</fixed_in>
    </vulnerability>
@@ -4627,27 +4658,31 @@
  <plugin name="uk-cookie">
    <vulnerability>
-      <title>CVE-2012-5856: uk-cookie plugin XSS</title>
+      <title>uk-cookie plugin XSS</title>
      <reference>http://osvdb.org/87561</reference>
      <reference>http://seclists.org/bugtraq/2012/Nov/50</reference>
      <cve>2012-5856</cve>
      <type>XSS</type>
    </vulnerability>
    <vulnerability>
-      <title>CVE-2013-2180: uk-cookie CSRF</title>
+      <title>uk-cookie CSRF</title>
      <reference>http://www.openwall.com/lists/oss-security/2013/06/06/10</reference>
      <reference>http://osvdb.org/94032</reference>
      <cve>2013-2180</cve>
      <type>CSRF</type>
    </vulnerability>
  </plugin>
  <plugin name="wp-cleanfix">
    <vulnerability>
-      <title>CVE-2013-2108|CVE-2013-2109: wp-cleanfix Remote Command Execution, CSRF and XSS</title>
+      <title>wp-cleanfix Remote Command Execution, CSRF and XSS</title>
      <reference>https://github.com/wpscanteam/wpscan/issues/186</reference>
      <reference>http://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning</reference>
      <reference>http://osvdb.org/93450</reference>
      <reference>http://secunia.com/advisories/53395/</reference>
      <reference>http://osvdb.org/93468</reference>
      <cve>2013-2108</cve>
      <cve>2013-2109</cve>
      <type>MULTI</type>
      <fixed_in>3.0.2</fixed_in>
    </vulnerability>
@@ -4811,10 +4846,11 @@
  <plugin name="underconstruction">
    <vulnerability>
-      <title>CSRF in WordPress underConstruction plugin (CVE-2013-2699)</title>
+      <title>CSRF in WordPress underConstruction plugin</title>
      <reference>http://wordpress.org/plugins/underconstruction/changelog/</reference>
      <reference>http://secunia.com/advisories/52881/</reference>
      <reference>http://osvdb.org/93857</reference>
      <cve>2013-2699</cve>
      <type>CSRF</type>
      <fixed_in>1.09</fixed_in>
    </vulnerability>
@@ -4971,16 +5007,18 @@
   <plugin name="xorbin-analog-flash-clock">
    <vulnerability>
-      <title>CVE-2013-4692: Xorbin Analog Flash Clock 1.0 Flash-based XSS</title>
+      <title>Xorbin Analog Flash Clock 1.0 Flash-based XSS</title>
      <reference>http://advisory.prakharprasad.com/xorbin_afc_wp.txt</reference>
      <cve>2013-4692</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="xorbin-digital-flash-clock">
    <vulnerability>
-      <title>CVE-2013-4693: Xorbin Digital Flash Clock 1.0 Flash-based XSS</title>
+      <title>Xorbin Digital Flash Clock 1.0 Flash-based XSS</title>
      <reference>http://advisory.prakharprasad.com/xorbin_dfc_wp.txt</reference>
      <cve>2013-4693</cve>
      <type>XSS</type>
    </vulnerability>
  </plugin>
@@ -5020,8 +5058,9 @@
  <plugin name="duplicator">
    <vulnerability>
-      <title>CVE-2013-4625: Duplicator installer.cleanup.php package Parameter XSS</title>
+      <title>Duplicator installer.cleanup.php package Parameter XSS</title>
      <reference>http://osvdb.org/95627</reference>
      <cve>2013-4625</cve>
      <type>XSS</type>
      <fixed_in>0.4.5</fixed_in>
    </vulnerability>
@@ -5056,8 +5095,9 @@
  <plugin name="xhanch-my-twitter">
    <vulnerability>
-      <title>CVE-2013-3253: CSRF in admin/setting.php in Xhanch</title>
+      <title>CSRF in admin/setting.php in Xhanch</title>
-      <reference>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3253</reference>
+      <reference>http://secunia.com/advisories/53133</reference>
      <cve>2013-3253</cve>
      <type>CSRF</type>
      <fixed_in>2.7.7</fixed_in>
    </vulnerability>
@@ -5065,8 +5105,9 @@
  <plugin name="sexybookmarks">
    <vulnerability>
-      <title>CVE-2013-3256: CSRF in sexybookmarks</title>
+      <title>CSRF in sexybookmarks</title>
      <reference>http://wordpress.org/plugins/sexybookmarks/changelog/</reference>
      <cve>2013-3256</cve>
      <type>CSRF</type>
      <fixed_in>6.1.5.0</fixed_in>
    </vulnerability>
--- a/data/vuln.xsd
+++ b/data/vuln.xsd
@@ -52,6 +52,7 @@
      <xs:element name="title" type="stringtype"/>
      <xs:element name="reference" type="uritype" maxOccurs="unbounded" minOccurs="1"/>
      <xs:element name="metasploit" type="stringtype" maxOccurs="unbounded" minOccurs="0"/>
      <xs:element name="cve" type="stringtype" minOccurs="0" maxOccurs="unbounded"/>
      <xs:element name="type" type="typetype"/>
      <xs:element name="fixed_in" type="stringtype" minOccurs="0" maxOccurs="1"/>
    </xs:sequence>
--- a/lib/common/models/vulnerability.rb
+++ b/lib/common/models/vulnerability.rb
@@ -5,22 +5,24 @@ require 'vulnerability/output'
 class Vulnerability
  include Vulnerability::Output
-  attr_accessor :title, :references, :type, :fixed_in, :metasploit_modules
+  attr_accessor :title, :references, :type, :fixed_in, :metasploit_modules, :cve
  #
  # @param [ String ] title The title of the vulnerability
  # @param [ String ] type  The type of the vulnerability
  # @param [ Array ] references References urls
  # @param [ Array ] metasploit_modules Metasploit modules for the vulnerability
-	# @param [ String ] fixed_in  Vuln fixed in Version X
+  # @param [ String ] fixed_in  Vuln fixed in Version X
  # @param [ Array ] cve CVE numbers for the vulnerability
  #
  # @return [ Vulnerability ]
-  def initialize(title, type, references, metasploit_modules = [], fixed_in = '')
+  def initialize(title, type, references, metasploit_modules = [], fixed_in = '', cve = [])
    @title              = title
    @type               = type
    @references         = references
    @metasploit_modules = metasploit_modules
-    @fixed_in						= fixed_in
+    @fixed_in           = fixed_in
    @cve                = cve
  end
  # @param [ Vulnerability ] other
@@ -32,6 +34,7 @@ class Vulnerability
        type == other.type &&
        references == other.references &&
        fixed_in == other.fixed_in &&
        cve == other.cve &&
        metasploit_modules == other.metasploit_modules
  end
  # :nocov:
@@ -47,7 +50,8 @@ class Vulnerability
      xml_node.search('type').text,
      xml_node.search('reference').map(&:text),
      xml_node.search('metasploit').map(&:text),
-      xml_node.search('fixed_in').text
+      xml_node.search('fixed_in').text,
      xml_node.search('cve').map(&:text)
    )
  end
--- a/lib/common/models/vulnerability/output.rb
+++ b/lib/common/models/vulnerability/output.rb
@@ -10,6 +10,9 @@ class Vulnerability
      references.each do |r|
        puts ' | ' + red("* Reference: #{r}")
      end
      cve.each do |c|
        puts ' | ' + red("* CVE-#{c} - #{Output.cve_url(c)}")
      end
      metasploit_modules.each do |m|
        puts ' | ' + red("* Metasploit module: #{Output.metasploit_module_url(m)}")
      end
@@ -22,5 +25,9 @@ class Vulnerability
      "http://www.metasploit.com/modules/#{module_path}"
    end
    def self.cve_url(cve)
      "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE#{cve}"
    end
  end
 end
--- a/spec/lib/common/models/vulnerability/output_spec.rb
+++ b/spec/lib/common/models/vulnerability/output_spec.rb
@@ -19,7 +19,13 @@ describe Vulnerability::Output do
      @module   = 'gathering/yolo'
      @expected = modules_url + @module
    end
-  end
+    end
    describe '::cve_url' do
        it 'returns the correct url' do
            Vulnerability::Output.cve_url('1111-1111').should == 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1111-1111'
        end
    end
  describe '#output' do
    # How to test it ? oO
--- a/spec/lib/common/models/vulnerability_spec.rb
+++ b/spec/lib/common/models/vulnerability_spec.rb
@@ -18,6 +18,7 @@ describe Vulnerability do
      its(:type)               { should be type }
      its(:metasploit_modules) { should be_empty }
      its(:fixed_in)           { should be_empty }
      its(:cve)                { should be_empty }
    end
    context 'with metasploit modules argument' do
@@ -26,6 +27,7 @@ describe Vulnerability do
      its(:metasploit_modules) { should be modules }
      its(:fixed_in)           { should be_empty }
      its(:cve)                { should be_empty }
    end
    context 'with metasploit modules and fixed version argument' do
@@ -33,8 +35,19 @@ describe Vulnerability do
      let(:fixed_version)  { '1.0' }
      its(:metasploit_modules) { should be modules }
-      its(:fixed_in) { should == '1.0' }
+      its(:fixed_in)           { should == '1.0' }
      its(:cve)                { should be_empty }
    end
    context 'with cve argument' do
      subject(:vulnerability) { Vulnerability.new(title, type, references, [], '', cve) }
      let(:cve) { %w{2011-001 2011-002} }
      its(:metasploit_modules) { should be_empty }
      its(:fixed_in)           { should be_empty }
      its(:cve)                { should be cve }
    end
  end
  describe '::load_from_xml_node' do
@@ -47,6 +60,7 @@ describe Vulnerability do
    its(:type)               { should == 'CSRF' }
    its(:references)         { should == ['Ref 1', 'Ref 2'] }
    its(:metasploit_modules) { should == %w{exploit/ex1} }
    its(:cve)                { should == %w{2011-001} }
    its(:fixed_in)           { should == '1.0'}
  end
--- a/spec/samples/common/models/vulnerability/xml_node.xml
+++ b/spec/samples/common/models/vulnerability/xml_node.xml
@@ -2,6 +2,7 @@
  <title>Vuln Title</title>
  <reference>Ref 1</reference>
  <reference>Ref 2</reference>
  <cve>2011-001</cve>
  <type>CSRF</type>
  <metasploit>exploit/ex1</metasploit>
  <fixed_in>1.0</fixed_in>