{"vulnerability": "cve-2023-2123", "sightings": [{"uuid": "c6e5f58a-efe0-4bcd-a06e-b1e4cbf9dee5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2123", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4337", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aPoC for CVE-2023-2123\nURL\uff1ahttps://github.com/daniloalbuqrque/poc-cve-xss-encoded-wp-inventory-manager-plugin\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-05-12T12:48:37.000000Z"}, {"uuid": "fec824a9-8f62-4f42-bca6-9a8bd9deeecc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-21237", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/9e0a3fc6-512b-449a-bc2a-4a1561977205", "content": "", "creation_timestamp": "2026-02-02T12:26:40.469674Z"}, {"uuid": "d2803c02-12c0-41a2-8713-42edcf472b95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-21233", "type": "seen", "source": "https://t.me/cibsecurity/68527", "content": "\u203c CVE-2023-21233 \u203c\n\nIn multiple locations of avrc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-15T02:25:53.000000Z"}, {"uuid": "c46921e3-a1f8-41a2-8aec-0bde823f98a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2123", "type": "seen", "source": "https://t.me/cibsecurity/68647", "content": "\u203c CVE-2023-2123 \u203c\n\nThe WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-16T16:50:36.000000Z"}, {"uuid": "4d672a8c-0f78-47e9-b4eb-9d28477a4675", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-21234", "type": "seen", "source": "https://t.me/cibsecurity/68512", "content": "\u203c CVE-2023-21234 \u203c\n\nIn launchConfirmationActivity of ChooseLockSettingsHelper.java, there is a possible way to enable developer options without the lockscreen PIN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-15T02:19:59.000000Z"}, {"uuid": "4bb20df9-4727-4ca4-9c95-82dd9348e26f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-21232", "type": "seen", "source": "https://t.me/cibsecurity/68506", "content": "\u203c CVE-2023-21232 \u203c\n\nIn multiple locations, there is a possible way to retrieve sensor data without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-15T02:19:50.000000Z"}, {"uuid": "2fc8da16-25bd-4e0c-bf09-c311e565963c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-21231", "type": "seen", "source": "https://t.me/cibsecurity/68502", "content": "\u203c CVE-2023-21231 \u203c\n\nIn getIntentForButton of ButtonManager.java, there is a possible way for an unprivileged application to start a non-exported or permission-protected activity due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-15T02:19:43.000000Z"}, {"uuid": "16346cbb-0ad2-44bd-937f-6b0c8b403e88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-21239", "type": "seen", "source": "https://t.me/cibsecurity/66627", "content": "\u203c CVE-2023-21239 \u203c\n\nIn visitUris of Notification.java, there is a possible way to leak image data across user boundaries due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-13T07:45:30.000000Z"}, {"uuid": "c9493070-ac6c-4fbc-82cb-1766a0a759d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-21238", "type": "seen", "source": "https://t.me/cibsecurity/66619", "content": "\u203c CVE-2023-21238 \u203c\n\nIn visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-13T07:45:16.000000Z"}, {"uuid": "7197c594-25ca-4f2d-b212-68d338d38ad2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-21237", "type": "seen", "source": "https://t.me/cibsecurity/65664", "content": "\u203c CVE-2023-21237 \u203c\n\nIn applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251586912\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-28T22:19:19.000000Z"}, {"uuid": "cda3e3ef-4eb2-4e75-99f1-ce7980a2c24d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-21237", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-03-05T18:10:03.000000Z"}, {"uuid": "9a754091-2538-43a2-802d-b77160a4ce09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-21237", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/9e0a3fc6-512b-449a-bc2a-4a1561977205", "content": "", "creation_timestamp": "2026-02-02T12:26:40.469674Z"}, {"uuid": "cd351980-f18e-411f-b09e-63a8b7c5864d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-21237", "type": "seen", "source": "https://t.me/ctinow/212661", "content": "https://ift.tt/vu2OJop\nCVE-2023-21237 Exploitation", "creation_timestamp": "2024-03-24T21:16:55.000000Z"}, {"uuid": "c07a5e1e-7a21-4253-b85a-fbe22c485262", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-21237", "type": "exploited", "source": "https://t.me/information_security_channel/51677", "content": "CISA Warns of Pixel Phone Vulnerability Exploitation\nhttps://www.securityweek.com/cisa-warns-of-pixel-phone-vulnerability-exploitation/\n\nCISA adds Pixel Android phone (CVE-2023-21237) and Sunhillo SureLine (CVE-2021-36380) flaws to its known exploited vulnerabilities catalog.\u00a0\nThe post CISA Warns of Pixel Phone Vulnerability Exploitation (https://www.securityweek.com/cisa-warns-of-pixel-phone-vulnerability-exploitation/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2024-03-06T13:41:52.000000Z"}, {"uuid": "56e171c2-0067-47fc-95ab-d9f700b5b28a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-21237", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:52.000000Z"}, {"uuid": "37bb64ad-06ca-45bc-b365-929dd5af0b15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-21231", "type": "seen", "source": "https://bsky.app/profile/intelrob.bsky.social/post/3lmq766vqrk2i", "content": "", "creation_timestamp": "2025-04-13T23:27:44.906882Z"}]}