{"vulnerability": "CVE-2023-4168", "sightings": [{"uuid": "be2cb64e-74bc-4223-b427-acc61c9b11dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-41687", "type": "seen", "source": "https://t.me/cibsecurity/71304", "content": "\u203c CVE-2023-41687 \u203c\n\nAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Irina Sokolovskaya Goods Catalog plugin <=\u00c2\u00a02.4.1 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-29T18:37:55.000000Z"}, {"uuid": "fcfdf0ad-abdb-4feb-9aac-5cb5f77e434f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-41682", "type": "seen", "source": "https://t.me/cibsecurity/72252", "content": "\u203c CVE-2023-41682 \u203c\n\nA improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-13T18:29:04.000000Z"}, {"uuid": "3e09dc6f-11a6-4cd1-bc6c-5f5efd1a898e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-41680", "type": "seen", "source": "https://t.me/cibsecurity/72251", "content": "\u203c CVE-2023-41680 \u203c\n\nA improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-13T18:29:03.000000Z"}, {"uuid": "3c23ba35-b5b3-429e-9f20-f14af6073a03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-4168", "type": "seen", "source": "https://t.me/cibsecurity/67817", "content": "\u203c CVE-2023-4168 \u203c\n\nA vulnerability was found in Templatecookie Adlisting 2.14.0. It has been classified as problematic. Affected is an unknown function of the file /ad-list of the component Redirect Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-05T22:11:55.000000Z"}, {"uuid": "2595b047-85e2-4719-9607-9da56351dba7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-41683", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113647463905763198", "content": "", "creation_timestamp": "2024-12-13T20:44:39.995440Z"}, {"uuid": "6499e027-9e91-40e2-9ee8-8c0b9318bfe3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-41686", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113647463919585818", "content": "", "creation_timestamp": "2024-12-13T20:44:40.040274Z"}, {"uuid": "1481e4fb-da7a-44ac-9417-b7a66ec98ed3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-41688", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113647522922204990", "content": "", "creation_timestamp": "2024-12-13T20:59:40.767576Z"}, {"uuid": "b67e0132-aa60-463e-ab6a-fabba7ae920e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-41689", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113647522939015936", "content": "", "creation_timestamp": "2024-12-13T20:59:40.822839Z"}, {"uuid": "0a18eb1e-090d-49aa-b965-149b8ade6c73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-41681", "type": "seen", "source": "https://t.me/cibsecurity/72254", "content": "\u203c CVE-2023-41681 \u203c\n\nA improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-13T18:29:06.000000Z"}]}