From 22ab0f9d53ec0235681b766e481b0184b1f7dd21 Mon Sep 17 00:00:00 2001 From: sandeep Date: Sun, 15 May 2022 04:48:52 +0530 Subject: [PATCH] minor matcher update --- cves/2021/CVE-2021-25075.yaml | 5 +++-- vulnerabilities/wordpress/seo-redirection-xss.yaml | 3 ++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/cves/2021/CVE-2021-25075.yaml b/cves/2021/CVE-2021-25075.yaml index 00192d9b93..2d8145956b 100644 --- a/cves/2021/CVE-2021-25075.yaml +++ b/cves/2021/CVE-2021-25075.yaml @@ -1,7 +1,7 @@ id: CVE-2021-25075 info: - name: Duplicate Page or Post < 1.5.1 - Arbitrary Settings Update to Stored XSS + name: WordPress Duplicate Page or Post < 1.5.1 - Stored XSS author: DhiyaneshDK severity: low description: | @@ -10,12 +10,12 @@ info: reference: - https://wpscan.com/vulnerability/db5a0431-af4d-45b7-be4e-36b6c90a601b - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25075 - tags: cve,cve2021,wordpress,xss,wp-plugin,authenticated classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N cvss-score: 3.50 cve-id: CVE-2021-25075 cwe-id: CWE-862 + tags: cve,cve2021,wordpress,xss,wp-plugin,authenticated requests: - raw: @@ -48,6 +48,7 @@ requests: words: - "style=animation-name:rotation onanimationstart=alert(/XSS/) p" - "toplevel_page_wpda_duplicate_post_menu" + condition: and - type: word part: header diff --git a/vulnerabilities/wordpress/seo-redirection-xss.yaml b/vulnerabilities/wordpress/seo-redirection-xss.yaml index f690939fcb..41362a0a81 100644 --- a/vulnerabilities/wordpress/seo-redirection-xss.yaml +++ b/vulnerabilities/wordpress/seo-redirection-xss.yaml @@ -1,7 +1,7 @@ id: seo-redirection-xss info: - name: SEO Redirection < 7.4 - Reflected Cross-Site Scripting + name: WordPress SEO Redirection < 7.4 - Reflected Cross-Site Scripting author: DhiyaneshDK severity: medium description: | @@ -42,6 +42,7 @@ requests: words: - "" - "settings_page_seo-redirection" + condition: and - type: word part: header