Update CVE-2021-46073.yaml

2022-09-01 13:07:46 +05:30 · 2022-09-01 13:07:46 +05:30 · ddf8cc6527
parent d786c2560b
commit ddf8cc6527
1 changed files with 20 additions and 20 deletions
--- a/cves/2021/CVE-2021-46073.yaml
+++ b/cves/2021/CVE-2021-46073.yaml
@ -1,25 +1,24 @@
 id: CVE-2021-46073
+
 info:
-  name: Vehicle Service Management System - 'User List' Stored Cross Site Scripting (XSS)
+  name: Vehicle Service Management System - Cross Site Scripting
  author: TenBird
-  severity: Medium
-  description: A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel.
+  severity: medium
+  description: |
+    A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel.
  reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-46068
+    - https://github.com/plsanu/Vehicle-Service-Management-System-User-List-Stored-Cross-Site-Scripting-XSS
+    - https://www.plsanu.com/vehicle-service-management-system-user-list-stored-cross-site-scripting-xss
+    - https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-46073
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 4.8
    cve-id: CVE-2021-46073
-    cwe-id: CWE-79
-  tags: cve,cve2021,Stored XSS,Cross-Site-Script
+  metadata:
+    verified: true
+  tags: cve,cve2021,xss,vms,authenticated

 requests:
  - raw:
-
-      - |
-        GET /vehicle_service/admin/login.php HTTP/1.1
-        Host: {{Hostname}}
-
      - |
        POST /vehicle_service/classes/Login.php?f=login HTTP/1.1
        Host: {{Hostname}}
@ -38,14 +37,15 @@ requests:
        GET /vehicle_service/admin/?page=user/list HTTP/1.1
        Host: {{Hostname}}

+    req-condition: true
    redirects: true
+    max-redirects: 2
    cookie-reuse: true
    matchers-condition: and
    matchers:
-      - type: status
-        status:
-          - 200
-      - type: word
-        part: body
-        words:
-          - '"><script>alert(document.domain)</script>'
+      - type: dsl
+        dsl:
+          - "contains(all_headers_3, 'text/html')"
+          - "status_code_3 == 200"
+          - 'contains(body_3, "<script>alert(document.domain)</script> Test</td>")'
+        condition: and