Update CVE-2021-24214.yaml

2022-09-16 09:09:23 +05:30 · 2022-09-16 09:09:23 +05:30 · 0edb973710
parent d599057f3d
commit 0edb973710
1 changed files with 6 additions and 8 deletions
--- a/cves/2021/CVE-2021-24214.yaml
+++ b/cves/2021/CVE-2021-24214.yaml
@ -1,12 +1,9 @@
 id: CVE-2021-24214
 info:
-  name: 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error
+  name: OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error
  author: tess
  severity: medium
-  description: The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1
-    did not sanitise the login error when output back in the login form, leading to
-    a reflected Cross-Site Scripting issue. This issue does not require authentication
-    and can be exploited with the default configuration.
+  description: The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.
  reference:
    - https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24214
@ -16,19 +13,20 @@ info:
    cvss-score: 6.1
    cve-id: CVE-2021-24214
    cwe-id: CWE-79
-  tags: cve,cve2021,wordpress,xss
+  tags: cve,cve2021,wordpress,xss,wp-plugin,wp,openid

 requests:
  - method: GET
    path:
-      - '{{BaseURL}}/wp-login.php?login-error=<script>alert(0)</script>'
+      - '{{BaseURL}}/wp-login.php?login-error=<script>alert(document.domain)</script>'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
-          - '<script>alert(0)</script>'
+          - 'ERROR (<script>alert(document.domain)</script>):'
+          - 'Login with OpenID Connect'
        condition: and

      - type: word