{"vulnerability": "CVE-2021-4208", "sightings": [{"uuid": "006a1706-745d-4cde-9b7f-0e52182db09b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42088", "type": "seen", "source": "https://t.me/cibsecurity/30223", "content": "\u203c CVE-2021-42088 \u203c\n\nAn issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-08T00:34:20.000000Z"}, {"uuid": "c2da8e9e-4598-4132-88c9-c61014293dc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42087", "type": "seen", "source": "https://t.me/cibsecurity/30218", "content": "\u203c CVE-2021-42087 \u203c\n\nAn issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-08T00:34:14.000000Z"}, {"uuid": "0796adee-13fa-4517-94e3-c07857933e49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42089", "type": "seen", "source": "https://t.me/cibsecurity/30216", "content": "\u203c CVE-2021-42089 \u203c\n\nAn issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-08T00:34:11.000000Z"}, {"uuid": "97574c76-f143-4f01-8ffe-063d1d5e0290", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42085", "type": "seen", "source": "https://t.me/cibsecurity/30228", "content": "\u203c CVE-2021-42085 \u203c\n\nAn issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-08T00:34:26.000000Z"}, {"uuid": "02377600-3959-4c5b-bd1b-1dfec99e8a3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42086", "type": "seen", "source": "https://t.me/cibsecurity/30226", "content": "\u203c CVE-2021-42086 \u203c\n\nAn issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-08T00:34:24.000000Z"}, {"uuid": "4edd9091-74a0-4106-a981-7f68d7f5c791", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42084", "type": "seen", "source": "https://t.me/cibsecurity/30221", "content": "\u203c CVE-2021-42084 \u203c\n\nAn issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-08T00:34:18.000000Z"}, {"uuid": "9d294ece-7156-4160-b312-6188c9560c03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42083", "type": "seen", "source": "https://t.me/cibsecurity/66250", "content": "\u203c CVE-2021-42083 \u203c\n\nAn authenticated attacker is able to create alerts that trigger a stored XSS attack.\u00c2\u00a0\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-10T20:23:53.000000Z"}, {"uuid": "638f0cc0-239d-4ec9-b2e6-cbb0bf4380d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42082", "type": "seen", "source": "https://t.me/cibsecurity/66272", "content": "\u203c CVE-2021-42082 \u203c\n\nLocal users are able to execute scripts under root privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-10T20:29:56.000000Z"}, {"uuid": "3be079ee-49be-4681-9519-bbdde1d38bdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42081", "type": "seen", "source": "https://t.me/cibsecurity/66261", "content": "\u203c CVE-2021-42081 \u203c\n\nAn authenticated administrator is allowed to remotely execute arbitrary shell commands via the API.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-10T20:24:04.000000Z"}, {"uuid": "e45cfc6b-1f3f-47e5-a724-d60e9ea55a7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42082", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/918", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-42082\n\ud83d\udd39 Description: Local users are able to execute scripts under root privileges.\n\ud83d\udccf Published: 2023-07-10T06:29:47.984Z\n\ud83d\udccf Modified: 2025-01-09T07:56:43.744Z\n\ud83d\udd17 References:\n1. https://www.wbsec.nl/osnexus\n2. https://csirt.divd.nl/DIVD-2021-00020/\n3. https://www.osnexus.com/products/software-defined-storage\n4. https://csirt.divd.nl/CVE-2021-42082", "creation_timestamp": "2025-01-09T08:17:28.000000Z"}, {"uuid": "d1ad963d-5853-4e56-933a-4e5c8e3a4923", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42080", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/917", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-42080\n\ud83d\udd39 Description: An attacker is able to launch a Reflected XSS attack using a crafted URL.\n\ud83d\udccf Published: 2023-07-10T06:29:48.166Z\n\ud83d\udccf Modified: 2025-01-09T07:56:43.948Z\n\ud83d\udd17 References:\n1. https://www.wbsec.nl/osnexus\n2. https://csirt.divd.nl/DIVD-2021-00020/\n3. https://www.osnexus.com/products/software-defined-storage\n4. https://csirt.divd.nl/CVE-2021-42080", "creation_timestamp": "2025-01-09T08:17:26.000000Z"}, {"uuid": "8cd85318-7a5a-42f6-be7e-e169d906480a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42081", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/919", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-42081\n\ud83d\udd39 Description: An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API.\n\ud83d\udccf Published: 2023-07-10T06:29:48.514Z\n\ud83d\udccf Modified: 2025-01-09T07:56:43.560Z\n\ud83d\udd17 References:\n1. https://www.wbsec.nl/osnexus\n2. https://csirt.divd.nl/DIVD-2021-00020/\n3. https://www.osnexus.com/products/software-defined-storage\n4. https://csirt.divd.nl/CVE-2021-42081", "creation_timestamp": "2025-01-09T08:17:31.000000Z"}]}