{"vulnerability": "cve-2021-4146", "sightings": [{"uuid": "443b6ff2-f50f-4ad0-9382-61c636b5e02e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-4146", "type": "seen", "source": "https://t.me/cibsecurity/35705", "content": "\u203c CVE-2021-4146 \u203c\n\nBusiness Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-18T18:24:52.000000Z"}, {"uuid": "28c0cc71-7ec7-435b-b9e8-c8f67a350d01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41461", "type": "seen", "source": "https://t.me/cibsecurity/29814", "content": "\u203c CVE-2021-41461 \u203c\n\nCross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the mode parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-01T20:15:25.000000Z"}, {"uuid": "e4f3da67-e4f3-444d-b939-3c917436c84f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41462", "type": "seen", "source": "https://t.me/cibsecurity/29815", "content": "\u203c CVE-2021-41462 \u203c\n\nCross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the ctID parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-01T20:15:26.000000Z"}, {"uuid": "78a1bcb6-b2bf-402f-9517-7068cf71791e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41465", "type": "seen", "source": "https://t.me/cibsecurity/29833", "content": "\u203c CVE-2021-41465 \u203c\n\nCross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-01T20:15:47.000000Z"}, {"uuid": "15d2bc92-72eb-435b-91dd-42d0a7536b69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41463", "type": "seen", "source": "https://t.me/cibsecurity/29832", "content": "\u203c CVE-2021-41463 \u203c\n\nCross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the cID parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-01T20:15:46.000000Z"}, {"uuid": "c406aa74-f71d-4527-803d-0ea30115ebe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41464", "type": "seen", "source": "https://t.me/cibsecurity/29830", "content": "\u203c CVE-2021-41464 \u203c\n\nCross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-01T20:15:44.000000Z"}, {"uuid": "9a0af29d-5f7b-483e-998e-a52376bc7374", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41467", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-41467.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}, {"uuid": "e63e3725-cd61-4038-8a2e-5b0dfc1f2ae5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41460", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-41460.yaml", "content": "", "creation_timestamp": "2023-08-22T10:38:38.000000Z"}, {"uuid": "a0e33440-a1dd-4586-a12d-a9a817fe25dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41465", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/643", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPoC for exploiting CVE-2021-35198 : NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the Packet Analysis module.\nURL\uff1ahttps://github.com/AIPOCAI/CVE-2021-41465", "creation_timestamp": "2021-10-05T10:34:31.000000Z"}, {"uuid": "fbc6ef8f-8a97-4523-801a-eadaa09ad75d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41460", "type": "seen", "source": "https://t.me/cibsecurity/45291", "content": "\u203c CVE-2021-41460 \u203c\n\nECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-28T16:36:09.000000Z"}]}