{"vulnerability": "CVE-2021-2471", "sightings": [{"uuid": "cdd1a38c-5ae7-4f82-82e4-32ecc89ad81c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-2471", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/730", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPoC for CVE-2021-2471 - XXE in MySQL Connector/J\nURL\uff1ahttps://github.com/DrunkenShells/CVE-2021-2471", "creation_timestamp": "2021-10-22T18:30:37.000000Z"}, {"uuid": "828d88cc-98c7-48f7-bbac-eff0473f9824", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-2471", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/961", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1ah2-jdbc(https://github.com/h2database/h2database/issues/3195) & mysql-jdbc(CVE-2021-2471) SQLXML XXE vulnerability reproduction.\nURL\uff1ahttps://github.com/SecCoder-Security-Lab/jdbc-sqlxml-xxe", "creation_timestamp": "2021-12-12T06:17:57.000000Z"}, {"uuid": "3cb5a705-17cf-42f4-9d89-67a60ff5e734", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-2471", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/331", "content": "The project is compiled based on the LandGrey/SpringBootVulExploit list The purpose is to quickly exploit vulnerabilities during hvv and lower the threshold for exploiting vulnerabilities\nhttps://github.com/0x727/SpringBootExploit\n\nh2-jdbc(https://github.com/h2database/h2database/issues/3195) & mysql-jdbc(CVE-2021-2471) SQLXML XXE vulnerability reproduction\nhttps://github.com/SecCoder-Security-Lab/jdbc-sqlxml-xxe", "creation_timestamp": "2021-10-22T09:37:40.000000Z"}, {"uuid": "e2054b82-4c6d-4477-8328-1fba43905b50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24718", "type": "seen", "source": "https://t.me/cibsecurity/33384", "content": "\u203c CVE-2021-24718 \u203c\n\nThe Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-06T18:20:55.000000Z"}, {"uuid": "e6075ca7-f16b-4c43-aa89-b08952c1cd15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24712", "type": "seen", "source": "https://t.me/cibsecurity/30324", "content": "\u203c CVE-2021-24712 \u203c\n\nThe Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-11T14:24:40.000000Z"}, {"uuid": "f908ca9a-b9e7-490e-b004-52cb7be1eb1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-2471", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/726", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1ah2-jdbc(https://github.com/h2database/h2database/issues/3195) & mysql-jdbc(CVE-2021-2471) SQLXML XXE vulnerability reduce.\nURL\uff1ahttps://github.com/SecCoder-Security-Lab/jdbc-sqlxml-xxe", "creation_timestamp": "2021-10-22T07:17:22.000000Z"}, {"uuid": "868b80e4-bcf4-4fa1-82a5-7c59d4372fdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-2471", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4589", "content": "#exploit\nCVE-2021-2471:\nSQLXML XXE vulnerability reproduction\nhttps://github.com/SecCoder-Security-Lab/jdbc-sqlxml-xxe", "creation_timestamp": "2021-10-24T15:14:30.000000Z"}, {"uuid": "9b3d9136-393a-44ae-a6d3-17e4654debfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24714", "type": "seen", "source": "https://t.me/cibsecurity/33385", "content": "\u203c CVE-2021-24714 \u203c\n\nThe Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfiltered_html capability is disallowed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-06T18:20:59.000000Z"}, {"uuid": "bf055d6a-3dd6-47f0-a0ea-0b0f244cd032", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24716", "type": "seen", "source": "https://t.me/cibsecurity/31535", "content": "\u203c CVE-2021-24716 \u203c\n\nThe Modern Events Calendar Lite WordPress plugin before 5.22.3 does not properly sanitize or escape values set by users with access to adjust settings withing wp-admin.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-01T11:21:19.000000Z"}, {"uuid": "3d1a1eb4-11e1-424e-8eb1-573efa0c2e2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24715", "type": "seen", "source": "https://t.me/cibsecurity/31528", "content": "\u203c CVE-2021-24715 \u203c\n\nThe WP Sitemap Page WordPress plugin before 1.7.0 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-01T11:21:10.000000Z"}, {"uuid": "59d827c9-eb1d-473b-828f-5fc8f4ce2345", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24719", "type": "seen", "source": "https://t.me/cibsecurity/30310", "content": "\u203c CVE-2021-24719 \u203c\n\nThe Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present on Enfold versions previous than 4.8.4 which use Avia Page Builder.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-11T14:24:22.000000Z"}, {"uuid": "c4176635-20bf-4155-934e-e526830ea32c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-2471", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1336", "content": "#CVE-2021\n\nh2-jdbc(https://github.com/h2database/h2database/issues/3195) & mysql-jdbc(CVE-2021-2471) SQLXML XXE vulnerability reproduction.\n\nhttps://github.com/SecCoder-Security-Lab/jdbc-sqlxml-xxe\n\n@BlueRedTeam", "creation_timestamp": "2021-12-12T07:19:08.000000Z"}]}