From adf29bfe588b682d1262bdc4860ebc13f23fe12d Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Wed, 26 Oct 2022 11:54:30 +0530 Subject: [PATCH] Fix FP CVE-2019-3402 --- cves/2019/CVE-2019-3402.yaml | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/cves/2019/CVE-2019-3402.yaml b/cves/2019/CVE-2019-3402.yaml index 9624e09c44..e35c785a95 100644 --- a/cves/2019/CVE-2019-3402.yaml +++ b/cves/2019/CVE-2019-3402.yaml @@ -1,10 +1,11 @@ id: CVE-2019-3402 info: - name: Jira <8.1.1 - Cross-Site Scripting + name: Jira < 8.1.1 - Cross-Site Scripting author: pdteam severity: medium - description: Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter. + description: | + Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter. reference: - https://gist.github.com/0x240x23elu/891371d46a1e270c7bdded0469d8e09c - https://jira.atlassian.com/browse/JRASERVER-69243 @@ -15,6 +16,7 @@ info: cve-id: CVE-2019-3402 cwe-id: CWE-79 metadata: + verified: true shodan-query: http.component:"Atlassian Jira" tags: cve,cve2019,atlassian,jira,xss @@ -25,12 +27,18 @@ requests: matchers-condition: and matchers: + - type: word + part: body + words: + - "'' does not exist" + + - type: word + part: header + words: + - text/html + - type: status status: - 200 - - type: word - words: - - "" - part: body # Enhanced by mp on 2022/08/31
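Review bot: The new body matcher in the last hunk (`@@ -25,12 +27,18 @@`) reads `'' does not exist` on this page, with nothing between the quotes. If that is the literal matcher rather than a payload lost in rendering, it would presumably match the error text for an empty owner name and no longer show that the `searchOwnerUserName` value came back unescaped, so the word should carry the exact payload the request sends. The phrase `does not exist` looks like the English UI string, so instances with another default language would now be missed; a comment above the matcher such as `# matches the English error text only; localized instances will not match` would make that trade-off explicit. The `text/html` word is matched case-sensitively against the whole header block, so it is only a loose proxy for the response Content-Type. The request path and payload sit outside the hunk, so the payload cannot be checked against the matcher here.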