{"vulnerability": "CVE-2023-2705", "sightings": [{"uuid": "a5598568-fc4f-44a9-ae0d-c82143c4e5e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27055", "type": "seen", "source": "Telegram/eQ89t9In-u3R0NzYgCWKIoqmXqwimzge-o9T3k9Y6-Kr4omE", "content": "", "creation_timestamp": "2025-02-21T22:10:44.000000Z"}, {"uuid": "542383f0-9914-43ee-bef0-814b336096eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27052", "type": "seen", "source": "Telegram/QDsuYDh_hT_rvFL4qossDVIUiTPGUA8vHiB05SYwxhC8KOvj", "content": "", "creation_timestamp": "2025-03-02T11:44:20.000000Z"}, {"uuid": "5df03e49-1cc8-4a30-be72-47f74cc21124", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27055", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4977", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27055\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Aver Information Inc PTZApp2 v20.01044.48 allows attackers to access sensitive files via a crafted GET request.\n\ud83d\udccf Published: 2023-03-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-21T19:27:02.737Z\n\ud83d\udd17 References:\n1. https://github.com/StolidWaffle/AVer-PTZApp2", "creation_timestamp": "2025-02-21T20:18:20.000000Z"}, {"uuid": "8b3c797d-5ba8-4494-8325-b70b13218362", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27059", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5600", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27059\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field.\n\ud83d\udccf Published: 2023-03-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-26T19:59:22.633Z\n\ud83d\udd17 References:\n1. https://github.com/ChurchCRM/CRM/issues/6450", "creation_timestamp": "2025-02-26T20:24:55.000000Z"}, {"uuid": "3b0f42da-cfb2-4a85-b9b2-748584e47d36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27054", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5529", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27054\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module.\n\ud83d\udccf Published: 2023-03-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-26T16:03:02.285Z\n\ud83d\udd17 References:\n1. https://github.com/miroslavpejic85/mirotalk/issues/139\n2. https://github.com/miroslavpejic85/mirotalk\n3. https://github.com/miroslavpejic85/mirotalk/commit/f535b3515d2d480dc3135b37982f5df93e43c592", "creation_timestamp": "2025-02-26T16:24:25.000000Z"}, {"uuid": "078f23a8-5bc1-4cf6-8e42-e35111e28f22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27054", "type": "seen", "source": "https://t.me/cibsecurity/60536", "content": "\u203c CVE-2023-27054 \u203c\n\nA cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-23T01:36:07.000000Z"}, {"uuid": "25c105be-a6c9-424f-a16f-4b61c5e94e3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27053", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4118", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-27053 - Cross Site Scripting - Router CLARO (HGJ310)\nURL\uff1ahttps://github.com/d3fudd/XSS-HGJ310\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-04-06T20:52:15.000000Z"}, {"uuid": "59b282e5-877b-4bce-a10c-a2e7753cf1e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27059", "type": "seen", "source": "https://t.me/cibsecurity/60219", "content": "\u203c CVE-2023-27059 \u203c\n\nA cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-17T09:45:45.000000Z"}]}