{"vulnerability": "CVE-2021-3733", "sightings": [{"uuid": "3a0ccfd8-5c73-41d5-88be-a0bda1ea9865", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37333", "type": "seen", "source": "https://t.me/cibsecurity/29873", "content": "\u203c CVE-2021-37333 \u203c\n\nLaravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at sandbox.bookingcore.org/user/profile/change-password does not invalidate a session that is opened in a different browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-04T18:18:45.000000Z"}, {"uuid": "977726f8-3d71-4cbd-a2a7-4277b6394050", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37334", "type": "seen", "source": "https://t.me/cibsecurity/27893", "content": "\u203c CVE-2021-37334 \u203c\n\nA security issue in Umbraco Forms 4.0.0 to and including 8.7.5 could lead to a remote code execution attack and/or arbitrary file deletion.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-26T02:26:36.000000Z"}, {"uuid": "7dbaf2c8-1459-4b98-9201-2c418a998ece", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3733", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0395/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"}, {"uuid": "15e50dfd-2f6c-451b-abb4-fa8828cbf12a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37330", "type": "seen", "source": "https://t.me/cibsecurity/29870", "content": "\u203c CVE-2021-37330 \u203c\n\nLaravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS). The Avatar upload in the My Profile section could be exploited to upload a malicious SVG file which contains Javascript. Now if another user/admin views the profile and clicks to view his avatar, an XSS will trigger.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-04T18:18:41.000000Z"}, {"uuid": "0931a629-51e6-4a2f-8ff5-9b983b9518ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37331", "type": "seen", "source": "https://t.me/cibsecurity/29868", "content": "\u203c CVE-2021-37331 \u203c\n\nLaravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or Trade License and viewing it, ID Cards and Trade Licenses of other vendors/users can be viewed by changing the URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-04T18:18:39.000000Z"}]}