{"vulnerability": "CVE-2021-3942", "sightings": [{"uuid": "415e5f2d-076f-42b7-9a06-ca0326273d85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39427", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12738", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-39427\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross site scripting vulnerability in 188Jianzhan 2.10 allows attackers to execute arbitrary code via the username parameter to /admin/reg.php.\n\ud83d\udccf Published: 2022-12-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-21T18:43:56.546Z\n\ud83d\udd17 References:\n1. https://github.com/vtime-tech/188Jianzhan/issues/4", "creation_timestamp": "2025-04-21T19:02:21.000000Z"}, {"uuid": "cd4c94b3-260b-46c5-bad5-0c2d3e6b3917", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39428", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12739", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-39428\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic.\n\ud83d\udccf Published: 2022-12-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-21T18:42:06.020Z\n\ud83d\udd17 References:\n1. https://github.com/eyoucms/eyoucms/issues/14", "creation_timestamp": "2025-04-21T19:02:22.000000Z"}, {"uuid": "f7a3ccd8-9eca-4721-b995-a21cd86bb424", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39425", "type": "seen", "source": "https://t.me/cibsecurity/67056", "content": "\u203c CVE-2021-39425 \u203c\n\nSeedDMS v6.0.15 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-21T00:32:58.000000Z"}, {"uuid": "f845fcca-6429-4a6a-8231-b65e11f9f4b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39420", "type": "seen", "source": "https://t.me/cibsecurity/32015", "content": "\u203c CVE-2021-39420 \u203c\n\nMultiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0.99.5 via the (1) s parameter in search_all.php and the (2) msg parameter in add.attach.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-08T22:31:10.000000Z"}, {"uuid": "dd029aeb-9ef1-417b-b1b3-114a4af61e3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39426", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12737", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-39426\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary php code via the notify1 parameter when the action parameter equals set.\n\ud83d\udccf Published: 2022-12-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-21T18:44:48.249Z\n\ud83d\udd17 References:\n1. https://github.com/seacms-com/seacms/issues/21", "creation_timestamp": "2025-04-21T19:02:20.000000Z"}, {"uuid": "91fb45f6-d137-438b-9d21-bcc71c09a430", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3942", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13535", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-3942\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR.\n\ud83d\udccf Published: 2022-11-22T23:07:47.320Z\n\ud83d\udccf Modified: 2025-04-25T20:52:47.519Z\n\ud83d\udd17 References:\n1. https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780", "creation_timestamp": "2025-04-25T21:08:16.000000Z"}, {"uuid": "cb9f3462-3c6f-4dcd-bf0d-42c08809190c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39421", "type": "seen", "source": "https://t.me/cibsecurity/67185", "content": "\u203c CVE-2021-39421 \u203c\n\nA cross-site scripting (XSS) vulnerability in SeedDMS v6.0.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-25T00:25:55.000000Z"}, {"uuid": "3fed0b86-74a9-47ff-a929-8b3b8fdcda6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39426", "type": "seen", "source": "https://t.me/cibsecurity/54621", "content": "\u203c CVE-2021-39426 \u203c\n\nAn issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary php code via the notify1 parameter when the action parameter equals set.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-15T22:23:50.000000Z"}, {"uuid": "3061e6f1-62a4-4f7f-b06c-44f768efeebb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39427", "type": "seen", "source": "https://t.me/cibsecurity/54619", "content": "\u203c CVE-2021-39427 \u203c\n\nCross site scripting vulnerability in 188Jianzhan 2.10 allows attackers to execute arbitrary code via the username parameter to /admin/reg.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-15T22:23:47.000000Z"}]}