{"vulnerability": "cve-2021-3815", "sightings": [{"uuid": "ca671249-1520-4caf-b68c-43c5078561ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38156", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/645", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPoC for exploiting CVE-2021-38156 : In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.\nURL\uff1ahttps://github.com/AKIA27TACKEDYE76PUGU/CVE-2021-39204", "creation_timestamp": "2021-10-05T13:51:13.000000Z"}, {"uuid": "88e57af2-cd7e-4198-815c-89507bb91fe7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38159", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/49716", "content": "Palantir Public: SQL Injection at https://ift.tt/xHz9Lcb due to CVE-2021-38159\n\nhttps://ift.tt/LyudQ2n", "creation_timestamp": "2022-04-05T13:51:54.000000Z"}, {"uuid": "3a9dddf1-0797-4020-9123-179b005af360", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38150", "type": "seen", "source": "https://t.me/cibsecurity/28807", "content": "\u203c CVE-2021-38150 \u203c\n\nWhen an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T16:22:04.000000Z"}, {"uuid": "7b182944-80df-4d70-aa4c-8b99123473b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38152", "type": "seen", "source": "https://t.me/cibsecurity/26928", "content": "\u203c CVE-2021-38152 \u203c\n\nindex.php/appointment/insert_patient_add_appointment in Chikitsa Patient Management System 2.0.0 allows XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-06T16:32:43.000000Z"}, {"uuid": "7ed13f30-1986-4849-8b43-ef7e039b01ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38154", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-38154.yaml", "content": "", "creation_timestamp": "2025-10-10T10:51:44.000000Z"}, {"uuid": "b5b002b9-70b9-4815-ad01-401d39c8584d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38154", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m2zlw2iwgd2n", "content": "", "creation_timestamp": "2025-10-12T21:02:31.314343Z"}, {"uuid": "cb9f952b-7f61-495a-81a5-19d0042ce411", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38156", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/644", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPoC for exploiting CVE-2021-38156 : In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.\nURL\uff1ahttps://github.com/AIPOCAI/CVE-2021-39204", "creation_timestamp": "2021-10-05T12:34:09.000000Z"}, {"uuid": "79ca4a8f-8dac-46b4-96c7-2be7c489231a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3815", "type": "seen", "source": "https://t.me/cibsecurity/33614", "content": "\u203c CVE-2021-3815 \u203c\n\nutils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-08T20:22:47.000000Z"}, {"uuid": "921fdfc7-2f2a-46ff-b6fe-2cce358717e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38156", "type": "seen", "source": "https://t.me/cibsecurity/28907", "content": "\u203c CVE-2021-38156 \u203c\n\nIn Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-15T18:22:33.000000Z"}, {"uuid": "67c29030-6f59-4780-819f-3effc6c561b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38159", "type": "seen", "source": "https://t.me/cibsecurity/26967", "content": "\u203c CVE-2021-38159 \u203c\n\nIn certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or execute SQL statements that alter or delete database elements, via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8), 2019.1.7 (11.1.7), 2019.2.4 (11.2.4), 2020.0.7 (12.0.7), 2020.1.6 (12.1.6), and 2021.0.4 (13.0.4).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-07T20:34:33.000000Z"}, {"uuid": "7e50f96c-ba16-423f-86aa-716a91ba9e38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38157", "type": "seen", "source": "https://t.me/cibsecurity/26963", "content": "\u203c CVE-2021-38157 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-07T00:33:15.000000Z"}, {"uuid": "e14d1f5a-bc6d-439d-8bb0-9e134c01e1d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38155", "type": "seen", "source": "https://t.me/cibsecurity/26962", "content": "\u203c CVE-2021-38155 \u203c\n\nOpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-07T00:33:14.000000Z"}, {"uuid": "18cc2cb8-3759-4717-a6b8-2c00c1bd3311", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38151", "type": "seen", "source": "https://t.me/cibsecurity/26925", "content": "\u203c CVE-2021-38151 \u203c\n\nindex.php/appointment/todos in Chikitsa Patient Management System 2.0.0 allows XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-06T16:32:40.000000Z"}]}