Update CVE-2022-43015.yaml

2022-10-25 02:17:07 +05:30 · 2022-10-25 02:17:07 +05:30 · f3c6ac7731
parent 5955a1e693
commit f3c6ac7731
1 changed files with 17 additions and 5 deletions
--- a/cves/2022/CVE-2022-43015.yaml
+++ b/cves/2022/CVE-2022-43015.yaml
@ -8,7 +8,11 @@ info:
    OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter.
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43015
-  tags: xss,cve,2022
+    - https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_entriesPerPage.md
+  metadata:
+    verified: true
+    shodan-query: title:"OpenCATS"
+  tags: cve,cve2022,xss,opencats

 requests:
  - raw:
@ -28,10 +32,18 @@ requests:
    cookie-reuse: true
    matchers-condition: and
    matchers:
+      - type: word
+        part: body
+        words:
+          - '<script>alert(document.domain)</script>'
+          - 'CATS='
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - "text/html"
+
      - type: status
        status:
          - 200
-
-      - type: word
-        words:
-          - '<script>alert(document.cookie)</script>'