{"vulnerability": "CVE-2021-4309", "sightings": [{"uuid": "12ac3e40-f55c-40f1-a5c5-6c6681e8c227", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-4309", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11067", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-4309\n\ud83d\udd25 CVSS Score: 3.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as problematic, has been found in 01-Scripts 01ACP. This issue affects some unknown processing. The manipulation of the argument $_SERVER['SCRIPT_NAME'] leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is a16eb7da46ed22bc61067c212635394f2571d3c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217649 was assigned to this vulnerability.\n\ud83d\udccf Published: 2023-01-08T16:59:19.824Z\n\ud83d\udccf Modified: 2025-04-09T14:40:46.029Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.217649\n2. https://vuldb.com/?ctiid.217649\n3. 
https://github.com/01-Scripts/01ACP/commit/a16eb7da46ed22bc61067c212635394f2571d3c4", "creation_timestamp": "2025-04-09T14:48:16.000000Z"}, {"uuid": "793d6d19-3cab-4fe0-95b7-9d445e893797", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43094", "type": "seen", "source": "https://t.me/cibsecurity/42236", "content": "\u203c CVE-2021-43094 \u203c\n\nAn SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET requests on arbitrary parameters in patient.page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-10T16:34:15.000000Z"}, {"uuid": "5f3e6935-489b-48d0-957c-251acb431b7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43098", "type": "seen", "source": "https://t.me/cibsecurity/39696", "content": "\u203c CVE-2021-43098 \u203c\n\nA File Upload vulnerability exists in bbs v5.3 via QuestionManageAction.java in a getType function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T02:40:43.000000Z"}, {"uuid": "ccb0ad41-ad82-4c7c-a3a9-51aa07cfa1f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43099", "type": "seen", "source": "https://t.me/cibsecurity/39695", "content": "\u203c CVE-2021-43099 \u203c\n\nAn Archive Extraction (AKA \"Zip Slip\") vulnerability exists in bbs 5.3 in the UpgradeNow function in UpgradeManageAction.java, which unzips the arbitrary uploaded zip file without checking filenames. The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. 
../../evil.exe).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T02:40:42.000000Z"}, {"uuid": "bb384b84-c4e2-4113-befe-b71f111b25fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43091", "type": "seen", "source": "https://t.me/cibsecurity/39543", "content": "\u203c CVE-2021-43091 \u203c\n\nAn SQL Injection vulnerability exists in Yeswiki doryphore 20211012 via the email parameter in the registration form.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-25T19:30:51.000000Z"}, {"uuid": "046df3e8-9cd2-459a-8f32-ba632aaec319", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43090", "type": "seen", "source": "https://t.me/cibsecurity/39540", "content": "\u203c CVE-2021-43090 \u203c\n\nAn XML External Entity (XXE) vulnerability exists in all versions of soa-model (as of 11.01/2021) in the WSDLParser function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-25T19:30:46.000000Z"}, {"uuid": "a32370a8-95dc-4338-a390-6ed7c09810f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43097", "type": "seen", "source": "https://t.me/cibsecurity/39703", "content": "\u203c CVE-2021-43097 \u203c\n\nA Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.java which could let a malicious user execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T02:40:52.000000Z"}]}