Merge pull request #5844 from projectdiscovery/CVE-2019-3402

Fix FP CVE-2019-3402

cves/2019/CVE-2019-3402.yaml

@@ -1,10 +1,11 @@
 id: CVE-2019-3402
 
 info:
-  name: Jira <8.1.1 - Cross-Site Scripting
+  name: Jira < 8.1.1 - Cross-Site Scripting
   author: pdteam
   severity: medium
-  description: Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter.
+  description: |
+    Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter.
   reference:
     - https://gist.github.com/0x240x23elu/891371d46a1e270c7bdded0469d8e09c
     - https://jira.atlassian.com/browse/JRASERVER-69243
@@ -15,6 +16,7 @@ info:
     cve-id: CVE-2019-3402
     cwe-id: CWE-79
   metadata:
+    verified: true
     shodan-query: http.component:"Atlassian Jira"
   tags: cve,cve2019,atlassian,jira,xss
 
@@ -25,12 +27,18 @@ requests:
 
     matchers-condition: and
     matchers:
+      - type: word
+        part: body
+        words:
+          - "'<script>alert(1)</script>' does not exist"
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
       - type: status
         status:
           - 200
-      - type: word
-        words:
-          - "<script>alert(1)</script>"
-        part: body
 
 # Enhanced by mp on 2022/08/31