Update CVE-2018-19287.yaml

cves/2018/CVE-2018-19287.yaml

@@ -1,21 +1,21 @@
 id: CVE-2018-19287
 
 info:
-  name: WordPress Plugin Ninja Forms - Cross-Site Scripting
+  name: Ninja Forms <= 3.3.17 - Unauthenticated Cross-Site Scripting
   author: theamanrawat
   severity: medium
-  description: XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript.
+  description: |
+    XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript.
   reference:
+    - https://wpscan.com/vulnerability/fb036dc2-0ee8-4a3e-afac-f52050b3f8c7
     - https://wordpress.org/plugins/ninja-forms/
     - https://www.exploit-db.com/exploits/45880
     - https://nvd.nist.gov/vuln/detail/CVE-2018-19287
   classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 5.4
     cve-id: CVE-2018-19287
   metadata:
-    verified: "true"
+    verified: true
-  tags: cve,wp-plugin,ninja-forms,wordpress,wp,xss,authenticated
+  tags: cve,cve2018,wp-plugin,ninja-forms,wordpress,wp,xss,authenticated
 
 requests:
   - raw:
@@ -35,13 +35,15 @@ requests:
     matchers-condition: and
     matchers:
       - type: word
-        part: body
+        part: body_2
         words:
           - 'Begin Date" value="\"><img src=x onerror=alert(document.domain);//">'
+
+      - type: word
+        part: header_2
+        words:
+          - text/html
+
       - type: status
         status:
           - 200
-      - type: word
-        part: header
-        words:
-          - 'text/html'