{"uuid": "07554252-9e94-4bd9-a7e2-c61b5b7b2f52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-6MJP-2RM6-9G85", "type": "seen", "source": "https://t.me/arpsyndicate/2409", "content": "#ExploitObserverAlert\n\nGHSA-6mjp-2rm6-9g85\n\nDESCRIPTION: Exploit Observer has 3 entries related to GHSA-6MJP-2RM6-9G85. The CKEditor.HTMLConverter document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros with the rights of the current user. If a privileged user with programming rights was tricked into executing a GET request to this document with certain parameters (e.g., via an image with a corresponding URL embedded in a comment or via a redirect), this would allow arbitrary remote code execution and the attacker could gain rights, access private information or impact the availability of the wiki.\n\nGHSS: 9.0", "creation_timestamp": "2024-01-04T02:29:09.000000Z"}