diff --git a/gems/avo/CVE-2023-34102.yml b/gems/avo/CVE-2023-34102.yml index ce4b892760..173686597b 100644 --- a/gems/avo/CVE-2023-34102.yml +++ b/gems/avo/CVE-2023-34102.yml @@ -27,41 +27,6 @@ description: | and attempts to work with it, which may result in dangerous behavior and code execution. - ### PoC - - ![image](https://user-images.githubusercontent.com/26464774/243437854-933d94c8-4ae0-43fe-b2da-35b103e28796.png) - - In the test scenario we choose the demo app and the review - resource which has a polymorphic reviewable field. - - ![image](https://user-images.githubusercontent.com/26464774/243437954-2d947c6d-4e97-4e91-a442-405e553dd047.png) - - Intercepting the request and switching the review[reviewable_type] - from “Fish” to “File” which is a real class inside Rails - - ![image](https://user-images.githubusercontent.com/26464774/243438031-109de6d0-9370-4318-b18e-c5bcea61cf54.png) - - Corrupting the database with unusable classes will cause a crash - at the application while viewing the new record or the index - view (partial DoS) - - ![image](https://user-images.githubusercontent.com/26464774/243438104-80df5aae-86de-40fc-870d-689a03cae389.png) - - Manual delete the corrupted resource in order to recover the - applications functionality - - ![image](https://user-images.githubusercontent.com/26464774/243438182-1e7eef54-73ba-47d0-b5df-4bad14859af3.png) - - Of course it is possible to use other class names or namespaces. The - local development environment displays the backend error message - when visiting a corrupted record. Avo is trying to apply a scope to - this class that does not exist. - - ![image](https://user-images.githubusercontent.com/26464774/243438257-dbb59153-58a8-4421-b796-f2a0f2c20083.png) - - Specifying an invalid class name in the parameter will cause the - application to crash again while trying constanize the provided string - ### Impact The final exploitation of this vulnerability requires more time than 
diff --git a/gems/avo/CVE-2023-34103.yml b/gems/avo/CVE-2023-34103.yml index dd10820114..327ad4a904 100644 --- a/gems/avo/CVE-2023-34103.yml +++ b/gems/avo/CVE-2023-34103.yml @@ -22,13 +22,6 @@ description: | the request and modifying the post data, as the trix editor does not allow adding custom html or js tags on the frontend. - ### PoC - - ![image](https://user-images.githubusercontent.com/26464774/243434868-47857054-9b20-437f-842f-0750d53c9b0e.png) - _Adding javascript in the post request which is used when editing a "post" resource (body is declared as a trix field)_ - ![image](https://user-images.githubusercontent.com/26464774/243435009-948593a0-5179-4368-977c-ec36d2373925.png) - _Successful execution of JS code on live demo environment_ - ### Impact Unlike non-persistent XSS, persistent XSS does not require a social diff --git a/gems/avo/CVE-2024-22191.yml b/gems/avo/CVE-2024-22191.yml index 5c97278c52..7f3b54bbae 100644 --- a/gems/avo/CVE-2024-22191.yml +++ b/gems/avo/CVE-2024-22191.yml @@ -27,26 +27,6 @@ description: | the value is taken in lines **38** and **49** and seems to be interpreted directly as html in lines **44** and **55**. - ### PoC - - ![POC](https://user-images.githubusercontent.com/26570201/295596307-5d4f563e-99c0-4981-a82e-fc42cfd902c5.gif) - - To reproduce the vulnerability, follow these steps: - - 1. Edit an entry with a key_value field. - - 2. Enter the following payload into the value field: - ```POC\\\"> Outside-tag ``` - ### PoC (Proof of Concept) - - To exploit this vulnerability: - 1. Gain access to the generated Yard Doc. - 2. Locate and access the "frames.html" file. - 3. Construct a URL containing the malicious payload in the hash - segment, for instance: `#!javascript:xss` for v0.9.34, and - `#:javascript:xss` for v0.9.35 - ### Impact This XSS vulnerability presents a substantial threat by enabling diff --git a/spec/advisory_example.rb b/spec/advisory_example.rb index 6897779985..6097bbfd4a 100644 --- a/spec/advisory_example.rb 
+++ b/spec/advisory_example.rb @@ -140,6 +140,10 @@ expect(subject).to_not include("\\n\\n") end + it "must not have PoC sections" do + expect(subject).to_not include("### PoC") + end + it { expect(subject).to be_kind_of(String) } it { expect(subject).not_to be_empty } end
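Review bot: In the gems/avo/CVE-2023-34102.yml hunk, removing the whole PoC block also drops the only root-cause statement in the advisory ("Avo is trying to apply a scope to this class that does not exist" and the crash "while trying constanize the provided string"); that is a description of the defect, not a reproduction step, and it is what a triager needs to understand why a non-resource class name in `review[reviewable_type]` breaks the record and index views. Suggest keeping one sentence of it in the description above `### Impact`, along the lines of "Avo constantizes the user-supplied reviewable_type and applies a resource scope to the resulting class, so an arbitrary class name corrupts the record and crashes the views that load it." The screenshots, step list and user-images.githubusercontent.com links are fine to drop.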
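Review bot: No content concern on the gems/avo/CVE-2023-34103.yml hunk: the removed lines are two screenshot links with captions, and the sentence kept as context ("by intercepting the request and modifying the post data, as the trix editor does not allow adding custom html or js tags on the frontend") already states where the stored XSS enters, so the description loses nothing a defender needs. The blank context line left before `### Impact` keeps the markdown headings rendering correctly.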
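Review bot: The gems/avo/CVE-2024-22191.yml hunk as rendered here contains two PoC sections that cannot belong to one advisory: the first is the Avo key_value field payload, while the second (`### PoC (Proof of Concept)`, with steps about "the generated Yard Doc", "frames.html", and `#!javascript:xss` for v0.9.34 / `#:javascript:xss` for v0.9.35) is a yard advisory. A `diff --git` header and hunk header for that second file appear to be missing from this view, so please confirm the commit's file list and that the yard advisory's PoC removal is intended, not an accidental edit of the avo file. Also note that the last removed line of the Avo section is a fenced payload (```POC\\\"> Outside-tag ```) directly followed by the next heading, so it is worth re-checking that no fence is left unclosed around `### Impact` in whichever file that text actually lives in.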
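Review bot: The new example in spec/advisory_example.rb matches only the literal substring `### PoC`, so it catches the headings removed in this commit (`### PoC` and `### PoC (Proof of Concept)`) but not `## PoC`, `#### PoC`, `### Proof of Concept`, `### Proof-of-Concept`, `### Reproduction`, or lowercase variants, which means the policy will silently stop holding on the next advisory written with a different heading. A case-insensitive pattern would make it durable, e.g. `expect(subject).to_not match(/^\s*#+\s*(PoC|Proof[ -]of[ -]Concept)\b/i)`. It would also help to add a one-line comment above the example stating why PoC sections are disallowed (advisory bodies describe the flaw and its impact, not reproduction steps), since a bare string match does not convey the rule to the next contributor.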