{"vulnerability": "CVE-2023-4373", "sightings": [{"uuid": "5b3d142a-e0de-4872-96d6-33c3551fc167", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-43739", "type": "seen", "source": "https://t.me/cibsecurity/71246", "content": "\u203c CVE-2023-43739 \u203c\n\nThe 'bookisbn' parameter of the cart.php resourcedoes not validate the characters received and theyare sent unfiltered to the database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-29T02:37:09.000000Z"}, {"uuid": "ea523032-c074-4521-9da7-2b82fdd61c86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-43734", "type": "seen", "source": "https://t.me/cibsecurity/71373", "content": "\u203c CVE-2023-43734 \u203c\n\nOs Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the \"name\" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-01T02:39:13.000000Z"}, {"uuid": "78936dd4-8515-4709-9347-482df755a9df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-43735", "type": "seen", "source": "https://t.me/cibsecurity/71372", "content": "\u203c CVE-2023-43735 \u203c\n\nOs Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the \"formats_titles[7]\" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-01T02:39:13.000000Z"}, {"uuid": "f9bde949-f33b-4c78-a6c7-c9b4c5da01c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-43733", "type": "seen", "source": "https://t.me/cibsecurity/71370", "content": "\u203c CVE-2023-43733 \u203c\n\nOs Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the \"company_address\" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-01T02:39:08.000000Z"}, {"uuid": "397a6d70-20c9-4319-954b-19e5fb3ca820", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-43732", "type": "seen", "source": "https://t.me/cibsecurity/71375", "content": "\u203c CVE-2023-43732 \u203c\n\nOs Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the \"tax_class_title\" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-01T02:39:15.000000Z"}, {"uuid": "6126ba7f-9b0b-4b01-a064-a1e7fae2a58f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-43731", "type": "seen", "source": "https://t.me/cibsecurity/71364", "content": "\u203c CVE-2023-43731 \u203c\n\nOs Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the \"zone_name\" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-01T23:44:50.000000Z"}, {"uuid": "90392149-422f-4916-a38b-a6dd95c57cc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-43737", "type": "seen", "source": "https://t.me/cibsecurity/73021", "content": "\u203c CVE-2023-43737 \u203c\n\nOnline Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'fnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-27T02:16:07.000000Z"}, {"uuid": "fc70c9bf-8399-4e4e-8ab5-343c5f006232", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-4373", "type": "seen", "source": "https://t.me/cibsecurity/68906", "content": "\u203c CVE-2023-4373 \u203c\n\nInadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-21T22:41:30.000000Z"}, {"uuid": "8527c26a-11cd-4937-b85f-4b2178552a4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-4373", "type": "seen", "source": "https://t.me/arpsyndicate/2341", "content": "#ExploitObserverAlert\n\nCVE-2023-4373\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4373. Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.\n\nFIRST-EPSS: 0.001340000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-03T18:46:26.000000Z"}, {"uuid": "d4fe4a4a-0f59-4d78-a28d-0df8804f0d16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-43730", "type": "seen", "source": "https://t.me/cibsecurity/71381", "content": "\u203c CVE-2023-43730 \u203c\n\nOs Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the \"countries_name[1]\" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-01T02:39:23.000000Z"}]}