{"vulnerability": "CVE-2024-39090", "sightings": [{"uuid": "931071cc-1467-4b62-b634-c84ecbe98c99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39090", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/2227", "content": "#exploit\n1. CVE-2024-54679:\nCyber Panel DoS\nhttps://github.com/hotplugin0x01/CVE-2024-54679\n\n2. CVE-2024-39090:\nCSRF to Stored XSS in PHP Gurukul Online Shopping Portal v2.0\nhttps://github.com/ghostwirez/CVE-2024-39090-PoC\n\n3. CVE-2023-23586:\nLinux vDSO and VVAR\nhttps://u1f383.github.io/linux/2024/12/11/linux-vdso-and-vvar.html", "creation_timestamp": "2024-12-20T18:02:36.000000Z"}, {"uuid": "3611548e-0f23-4c9c-a8a6-6428cf840cb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39090", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11581", "content": "#exploit\n1. CVE-2024-54679:\nCyber Panel DoS\nhttps://github.com/hotplugin0x01/CVE-2024-54679\n\n2. CVE-2024-39090:\nCSRF to Stored XSS in PHP Gurukul Online Shopping Portal v2.0\nhttps://github.com/ghostwirez/CVE-2024-39090-PoC\n\n3. CVE-2023-23586:\nLinux vDSO and VVAR\nhttps://u1f383.github.io/linux/2024/12/11/linux-vdso-and-vvar.html", "creation_timestamp": "2024-12-22T23:23:48.000000Z"}, {"uuid": "13dba775-c878-4755-ad35-1dfd80aa219e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39090", "type": "published-proof-of-concept", "source": "https://t.me/xxexm/1674", "content": "This PoC script exploits CVE-2024-39090, a CSRF to Stored XSS vulnerability in PHPGurukul Online Shopping Portal v2.0. It automates CSRF attacks to inject persistent JavaScript payloads, which execute when a privileged user accesses the affected page, enabling actions such as session hijacking or credential theft.\n\nhttps://github.com/ghostwirez/CVE-2024-39090-PoC", "creation_timestamp": "2024-11-29T17:35:07.000000Z"}, {"uuid": "d3c75852-8ced-4ddd-a9b4-d7c3cd05ec87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39090", "type": "published-proof-of-concept", "source": "https://t.me/ckeArsenal/134", "content": "https://github.com/ghostwirez/CVE-2024-39090-PoC\n\nCVE-2024-39090 PoC Exploit Script\n#github #exploit #xss", "creation_timestamp": "2024-12-21T15:55:06.000000Z"}, {"uuid": "402bfdff-c4c0-40e8-a291-05ec310cf5ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39090", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9224", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPOC - CVE-2024-21534 Jsonpath-plus vulnerable to Remote Code Execution (RCE) due to improper input sanitization\nURL\uff1ahttps://github.com/ghostwirez/CVE-2024-39090-PoC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-29T01:05:02.000000Z"}, {"uuid": "84a0a8d3-3e05-4bbc-9d58-4b3512a62872", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39090", "type": "seen", "source": "https://t.me/cvedetector/1177", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39090 - \"PHPGurukul Online Shopping Portal CSRF Stored XSS Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-39090 \nPublished : July 18, 2024, 8:15 p.m. | 22\u00a0minutes ago \nDescription : The PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerability that allows Cross-Site Request Forgery (CSRF) to lead to Stored Cross-Site Scripting (XSS). An attacker can exploit this vulnerability to execute arbitrary JavaScript code in the context of a user's session, potentially leading to account takeover. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-18T22:38:53.000000Z"}, {"uuid": "7d9bf8a2-3057-4940-b4a6-e33997904723", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39090", "type": "published-proof-of-concept", "source": "https://t.me/suboxone_chatroom/1559", "content": "#exploit\n1. CVE-2024-54679:\nCyber Panel DoS\nhttps://github.com/hotplugin0x01/CVE-2024-54679\n\n2. CVE-2024-39090:\nCSRF to Stored XSS in PHP Gurukul Online Shopping Portal v2.0\nhttps://github.com/ghostwirez/CVE-2024-39090-PoC\n\n3. CVE-2023-23586:\nLinux vDSO and VVAR\nhttps://u1f383.github.io/linux/2024/12/11/linux-vdso-and-vvar.html", "creation_timestamp": "2025-01-27T07:06:51.000000Z"}]}