{"vulnerability": "GHSA-9v2v-jxvw-52rq", "sightings": [{"uuid": "037d788e-00b0-4e34-8505-3afab45d1794", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-9v2v-jxvw-52rq", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113861471440807384", "content": "", "creation_timestamp": "2025-01-20T15:49:35.574629Z"}, {"uuid": "87f60c19-c8d2-45c3-93e9-4b5a78e7afc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-9V2V-JXVW-52RQ", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2366", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23044\n\ud83d\udd39 Description: PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies and the ability to refresh cookies. Commit 14acb704891245bf1703ce6296d62112e85aa995 patches the issue.\n\ud83d\udccf Published: 2025-01-20T15:43:23.882Z\n\ud83d\udccf Modified: 2025-01-20T15:43:23.882Z\n\ud83d\udd17 References:\n1. https://github.com/pwndoc/pwndoc/security/advisories/GHSA-9v2v-jxvw-52rq\n2. https://github.com/pwndoc/pwndoc/commit/14acb704891245bf1703ce6296d62112e85aa995", "creation_timestamp": "2025-01-20T16:01:44.000000Z"}]}