{"vulnerability": "CVE-2023-5229", "sightings": [{"uuid": "bd9cdd42-1261-4ea4-828b-819a1c422b77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-5229", "type": "seen", "source": "https://t.me/cibsecurity/73242", "content": "\u203c CVE-2023-5229 \u203c\n\nThe E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-31T17:21:14.000000Z"}, {"uuid": "acc838a4-c449-45f4-a0f5-af6b7ccb7f6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-52292", "type": "seen", "source": "https://t.me/cvedetector/16471", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-52292 - IBM Sterling File Gateway Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-52292 \nPublished : Jan. 27, 2025, 4:15 p.m. | 17\u00a0minutes ago \nDescription : IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-27T17:40:27.000000Z"}, {"uuid": "dc8800f8-99d7-4c87-9466-75ac6385a1f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-52291", "type": "seen", "source": "https://t.me/cvedetector/1071", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-52291 - Streampark Maven Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-52291 \nPublished : July 17, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low.  \n  \nBackground:  \n  \nIn the \"Project\" module, the maven build args\u00a0\u00a0\u201c Severity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-17T12:22:00.000000Z"}, {"uuid": "f7fa4d6b-bcd9-463e-b178-ca81e273981a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-52290", "type": "seen", "source": "https://t.me/cvedetector/917", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-52290 - Streampark-console SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-52290 \nPublished : July 16, 2024, 8:15 a.m. | 38\u00a0minutes ago \nDescription : In streampark-console the list pages(e.g: application pages), users can sort page by field. This sort field is sent from the front-end to the back-end, and the SQL query is generated using this field. However, because this sort field isn't validated, there is a risk of SQL injection vulnerability.\u00a0The attacker must successfully log into the system to launch an attack, which may cause data leakage. Since no data will be written, so this is a low-impact vulnerability.  \n  \nMitigation:  \n  \nall users should upgrade to 2.1.4,  Such parameters will be blocked. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T11:15:11.000000Z"}, {"uuid": "9ffad856-c8b6-4d8c-8c6f-cad6d2961aa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-52292", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113901204902829019", "content": "", "creation_timestamp": "2025-01-27T16:14:20.083394Z"}, {"uuid": "6d3b6161-84a3-4dc8-84cf-9a757fa22ac0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-52292", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgqdmftjcx2r", "content": "", "creation_timestamp": "2025-01-27T16:16:06.923617Z"}]}