Update CVE-2022-30072.yaml

cves/2022/CVE-2022-30072.yaml

@@ -0,0 +1,35 @@
+id: CVE-2022-30072
+
+info:
+  name: WBCE CMS v1.5.2 XSS Stored
+  author: arafatansari
+  severity: medium
+  description: |
+    WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters.
+  reference:
+    - https://github.com/APTX-4879/CVE
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30072
+  metadata:
+    verified: true
+  tags: wbcecms,xss
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}\admin\pages\sections_save.php”
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "<script>alert(document.domain)</script>"
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200