Update CVE-2022-29548.yaml

2022-05-09 22:31:59 +05:30 · 2022-05-09 22:31:59 +05:30 · a9183f3601
parent 681f1ddaf0
commit a9183f3601
1 changed files with 14 additions and 12 deletions
--- a/cves/2022/CVE-2022-29548.yaml
+++ b/cves/2022/CVE-2022-29548.yaml
@ -4,18 +4,20 @@ info:
  name: WSO2 Management Console - Reflected XSS
  author: edoardottt
  severity: medium
-  description: A reflected XSS issue exists in the Management Console of several WSO2 products.
+  description: |
+    A reflected XSS issue exists in the Management Console of several WSO2 products.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-29548
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29548
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-29548
    cwe-id: CWE-79
-  reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2022-29548
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29548
-  tags: cve,cve2022,wso2,xss
  metadata:
+    verified: true
    google-dork: inurl:"carbon/admin/login"
+  tags: cve,cve2022,wso2,xss

 requests:
  - method: GET
@ -24,16 +26,16 @@ requests:

    matchers-condition: and
    matchers:
-      - type: status
-        status:
-          - 200
+      - type: word
+        part: body
+        words:
+          - "CARBON.showWarningDialog('???');alert(document.domain)//???"

      - type: word
        part: header
        words:
          - "text/html"

-      - type: word
-        part: body
-        words:
-          - "CARBON.showWarningDialog('???');alert(document.domain)//???"
+      - type: status
+        status:
+          - 200