{"vulnerability": "CVE-2023-4539", "sightings": [{"uuid": "f77f9fff-3098-4e9c-9842-b660e759a899", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-45394", "type": "seen", "source": "https://t.me/cibsecurity/72641", "content": "\u203c CVE-2023-45394 \u203c\n\nStored Cross-Site Scripting (XSS) vulnerability in the Company field in the \"Request a Quote\" Section of Small CRM v3.0 allows an attacker to store and execute malicious javascript code in the Admin panel which leads to Admin account takeover.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-20T07:35:01.000000Z"}, {"uuid": "235e8c1d-1aa6-4c26-921e-04b723a24fa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-45393", "type": "seen", "source": "https://t.me/cibsecurity/72250", "content": "\u203c CVE-2023-45393 \u203c\n\nAn indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-13T18:29:02.000000Z"}, {"uuid": "f768f09d-f4ff-4d43-8f9f-859f9f7590b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-4539", "type": "seen", "source": "https://t.me/ctinow/185391", "content": "https://ift.tt/NfW2Lji\nCVE-2023-4539", "creation_timestamp": "2024-02-15T10:25:23.000000Z"}, {"uuid": "dc5b5926-4b2e-43fd-b273-1c8fbaed0697", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-45396", "type": "seen", "source": "https://t.me/cibsecurity/72107", "content": "\u203c CVE-2023-45396 \u203c\n\nAn Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-11T18:32:05.000000Z"}, {"uuid": "aad4d56a-94c9-4a99-bab1-92fe470b2405", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-45391", "type": "seen", "source": "https://t.me/cibsecurity/72257", "content": "\u203c CVE-2023-45391 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-13T18:29:13.000000Z"}]}