{"vulnerability": "CVE-2023-3725", "sightings": [{"uuid": "6a481c25-fa02-45d0-b22f-42e4655af0a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3725", "type": "seen", "source": "https://t.me/cibsecurity/71767", "content": "\u203c CVE-2023-3725 \u203c\n\nPotential buffer overflow vulnerability in the Zephyr CAN bus subsystem\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-07T00:13:47.000000Z"}, {"uuid": "f92307ea-8a70-486c-97cc-4114e364abf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37256", "type": "seen", "source": "https://t.me/cibsecurity/65745", "content": "\u203c CVE-2023-37256 \u203c\n\nAn issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-29T20:14:42.000000Z"}, {"uuid": "e4a43026-1d8d-43e3-add1-3754b78929e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37258", "type": "seen", "source": "https://t.me/cibsecurity/67261", "content": "\u203c CVE-2023-37258 \u203c\n\nDataEase is an open source data visualization analysis tool. Prior to version 1.18.9, DataEase has a SQL injection vulnerability that can bypass blacklists. The vulnerability has been fixed in v1.18.9. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-26T00:27:16.000000Z"}, {"uuid": "f7d730b4-419a-4a63-a38a-3816a2fca2e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37257", "type": "seen", "source": "https://t.me/cibsecurity/67270", "content": "\u203c CVE-2023-37257 \u203c\n\nDataEase is an open source data visualization analysis tool. Prior to version 1.18.9, the DataEase panel and dataset have a stored cross-site scripting vulnerability. The vulnerability has been fixed in v1.18.9. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-26T00:27:30.000000Z"}, {"uuid": "2466fe2e-2288-44f9-81b0-bdbff0bd6991", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37255", "type": "seen", "source": "https://t.me/cibsecurity/65735", "content": "\u203c CVE-2023-37255 \u203c\n\nAn issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the \"get edits\" type is vulnerable to HTML injection through the User-Agent HTTP request header.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-29T20:14:28.000000Z"}, {"uuid": "a0211d19-bd1a-48eb-b34b-8ecdf74ca179", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37259", "type": "seen", "source": "https://t.me/cibsecurity/66931", "content": "\u203c CVE-2023-37259 \u203c\n\nmatrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting (XSS). Since the Export Chat feature generates a separate document, an attacker can only inject code run from the `null` origin, restricting the impact. However, the attacker can still potentially use the XSS to leak message contents. A malicious homeserver is a potential attacker since the affected inputs are controllable server-side. This issue has been addressed in commit `22fcd34c60` which is included in release version 3.76.0. Users are advised to upgrade. The only known workaround for this issue is to disable or to not use the Export Chat feature.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-18T20:31:11.000000Z"}, {"uuid": "9cde6db9-c8d3-4127-8862-cdf281087680", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37254", "type": "seen", "source": "https://t.me/cibsecurity/65742", "content": "\u203c CVE-2023-37254 \u203c\n\nAn issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-29T20:14:39.000000Z"}, {"uuid": "dd67230d-335a-4662-8cfd-20aeb28b30a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37251", "type": "seen", "source": "https://t.me/cibsecurity/65738", "content": "\u203c CVE-2023-37251 \u203c\n\nAn issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-29T20:14:35.000000Z"}]}