{"vulnerability": "CVE-2021-3550", "sightings": [{"uuid": "6a8f6c36-fada-4ed7-8597-99215bd68055", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35503", "type": "seen", "source": "https://t.me/cibsecurity/29965", "content": "\u203c CVE-2021-35503 \u203c\n\nAfian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-05T16:30:36.000000Z"}, {"uuid": "0a3b71ad-7199-4654-bcab-f2e8f47b7df8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35506", "type": "seen", "source": "https://t.me/cibsecurity/29971", "content": "\u203c CVE-2021-35506 \u203c\n\nAfian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-05T16:30:43.000000Z"}, {"uuid": "f6ba28a3-9336-4374-b6ae-82452263bff5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35504", "type": "seen", "source": "https://t.me/cibsecurity/29956", "content": "\u203c CVE-2021-35504 \u203c\n\nAfian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-05T16:30:25.000000Z"}, {"uuid": "b54b7e40-5fa8-48b1-964a-77f9f4a9ffe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35501", "type": "seen", "source": "https://t.me/cibsecurity/25714", "content": "\u203c CVE-2021-35501 \u203c\n\nPandoraFMS &lt;=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-06-25T20:19:41.000000Z"}, {"uuid": "a9c6ddbe-de47-4356-bbbf-c1ca43ed8d0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35502", "type": "seen", "source": "https://t.me/cibsecurity/25724", "content": "\u203c CVE-2021-35502 \u203c\n\napp/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-06-26T00:19:50.000000Z"}, {"uuid": "4b78e6ba-a165-4a20-aad9-ca2a07c37cea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35505", "type": "seen", "source": "https://t.me/cibsecurity/29960", "content": "\u203c CVE-2021-35505 \u203c\n\nAfian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-05T16:30:30.000000Z"}]}