{"vulnerability": "CVE-2021-2074", "sightings": [{"uuid": "236b4cb2-f443-4370-abd6-9088a1ba33fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-20749", "type": "seen", "source": "https://t.me/cibsecurity/25730", "content": "\u203c CVE-2021-20749 \u203c\n\nCross-site scripting vulnerability in Fudousan plugin ver5.7.0 and earlier, Fudousan Plugin Pro Single-User Type ver5.7.0 and earlier, and Fudousan Plugin Pro Multi-User Type ver5.7.0 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-06-28T07:22:12.000000Z"}, {"uuid": "74228e59-e13b-4897-89ec-6fd63e40e799", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-20745", "type": "seen", "source": "https://t.me/cibsecurity/25729", "content": "\u203c CVE-2021-20745 \u203c\n\nInkdrop versions prior to v5.3.1 allows an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-06-28T07:22:12.000000Z"}, {"uuid": "1d227a5c-14c7-4574-9ec5-9eab09d298c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-20742", "type": "seen", "source": "https://t.me/cibsecurity/25595", "content": "\u203c CVE-2021-20742 \u203c\n\nCross-site scripting vulnerability in EC-CUBE Business form output plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-06-22T07:15:49.000000Z"}]}