{"vulnerability": "cve-2023-2706", "sightings": [{"uuid": "c3c5f46b-90f7-482c-95a2-74afcc7ac24f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27069", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5779", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27069\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field.\n\ud83d\udccf Published: 2023-03-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-27T20:10:25.927Z\n\ud83d\udd17 References:\n1. https://www.youtube.com/watch?v=Ryuz1gymiw8\n2. https://github.com/totaljs/openplatform/issues/52\n3. https://www.edoardoottavianelli.it/CVE-2023-27069/", "creation_timestamp": "2025-02-27T20:25:39.000000Z"}, {"uuid": "99875beb-2986-414c-ad9f-e6ea0fb18ec7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27061", "type": "seen", "source": "Telegram/aexjgjjIW7HoeEcOF0mBkW4vOZmIxgb62dbXrzpXSW-zZjIF", "content": "", "creation_timestamp": "2025-03-02T11:44:20.000000Z"}, {"uuid": "71886520-9abc-4c59-8dc1-f8f2f9b2e32c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27066", "type": "seen", "source": "https://t.me/cibsecurity/64547", "content": "\u203c CVE-2023-27066 \u203c\n\nDirectory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": 
"2023-05-22T20:25:35.000000Z"}, {"uuid": "e576ced0-016b-415f-96fb-49353aa6cda9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27067", "type": "seen", "source": "https://t.me/cibsecurity/64559", "content": "\u203c CVE-2023-27067 \u203c\n\nDirectory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-22T22:24:48.000000Z"}, {"uuid": "a812a6f5-ae65-4567-9d93-487094dffc96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27064", "type": "seen", "source": "Telegram/tUX-O-8hTfF3iiram1K3yCbOvXpmZJ9EseItzvNoD0BeOabw", "content": "", "creation_timestamp": "2025-03-02T11:44:20.000000Z"}, {"uuid": "ffa4bd6f-a117-4bc7-8ff2-abb3d49b0cbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27069", "type": "seen", "source": "Telegram/F1WwG7jsnNluAy96lj51DxO_AFLUNpNDYfLvRPXRoPdfd9-W", "content": "", "creation_timestamp": "2025-03-02T11:44:20.000000Z"}, {"uuid": "b9bb9d91-2941-447a-8df4-9cab3e2509db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27067", "type": "seen", "source": "Telegram/TZ5oU-LzUwTmsEV_PLGFZ4j7j4d-E7OmqeOd6a_qq-2TEThE", "content": "", "creation_timestamp": "2025-02-01T17:28:09.000000Z"}, {"uuid": "f5e6f1be-31f7-40f3-93b2-0e6815b45c72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27066", "type": "seen", "source": 
"Telegram/qKzBtc3ZVW8xMVM3kvtjKPTfFnz_IgXlBCkSrxsmXHa9mXJ1", "content": "", "creation_timestamp": "2025-02-01T17:28:09.000000Z"}, {"uuid": "6a64cf61-11e0-4297-a2f0-d124e47f62d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27069", "type": "seen", "source": "https://t.me/cibsecurity/60009", "content": "\u203c CVE-2023-27069 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-14T19:30:24.000000Z"}, {"uuid": "47623d39-83ee-4942-9bd4-5983cbcd211e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27062", "type": "seen", "source": "https://t.me/cibsecurity/59893", "content": "\u203c CVE-2023-27062 \u203c\n\nTenda V15V1.0 was discovered to contain a buffer overflow vulnerability via the gotoUrl parameter in the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-13T17:23:20.000000Z"}, {"uuid": "dbccd2d5-63df-4709-95b6-5d2c5aef40c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27065", "type": "seen", "source": "https://t.me/cibsecurity/59899", "content": "\u203c CVE-2023-27065 \u203c\n\nTenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the picName parameter in the formDelWewifiPi function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-13T17:23:26.000000Z"}, {"uuid": "7b9eb55f-9436-4a8c-bb3c-17373f829b5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27063", "type": "seen", "source": "Telegram/Hm8S59YJmgwTzKRfZiuFGsZJVRoCVqG8wGqndBOjhoSUKGYN", "content": "", "creation_timestamp": "2025-03-02T11:44:20.000000Z"}, {"uuid": "56d92f24-4713-43e0-9996-15c168969fd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27062", "type": "seen", "source": "Telegram/kkfepPEsGty0H-WZynrV96W3iSAGXCGKcItlarjOqO9zcP6F", "content": "", "creation_timestamp": "2025-03-02T11:44:20.000000Z"}, {"uuid": "d3b5f6d4-48b5-451e-adb8-677ec71c877e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27060", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5530", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27060\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function.\n\ud83d\udccf Published: 2023-03-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-26T16:01:20.232Z\n\ud83d\udd17 References:\n1. https://igml.top/2021/05/10/lightcms-RCE/\n2. 
https://github.com/eddy8/LightCMS/issues/21", "creation_timestamp": "2025-02-26T16:24:26.000000Z"}, {"uuid": "183421d1-f176-46d3-9c8c-8ef1fe6b9a49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27065", "type": "seen", "source": "Telegram/UO5ms4MMk8cdzOBBOXL7kb8vTa-nTwYO-J-KkZwg1SbyRr65", "content": "", "creation_timestamp": "2025-03-02T11:44:20.000000Z"}, {"uuid": "872be066-31bd-428a-be39-1d94e6a285f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2706", "type": "seen", "source": "https://t.me/cibsecurity/64289", "content": "\u203c CVE-2023-2706 \u203c\n\nThe OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for unauthenticated attackers to obtain login codes for administrators. This does require an attacker have access to the phone number configured for an account, which can be obtained via social engineering or reconnaissance.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-17T07:31:00.000000Z"}, {"uuid": "70fbbecc-9e90-4d22-914e-1957cec624ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27063", "type": "seen", "source": "https://t.me/cibsecurity/59904", "content": "\u203c CVE-2023-27063 \u203c\n\nTenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the DNSDomainName parameter in the formModifyDnsForward function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-13T17:23:31.000000Z"}, {"uuid": "315d70aa-f2fa-47f5-886d-18790b30704b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27064", "type": "seen", "source": "https://t.me/cibsecurity/59898", "content": "\u203c CVE-2023-27064 \u203c\n\nTenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the index parameter in the formDelDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-13T17:23:26.000000Z"}, {"uuid": "cc080c6b-3e32-4d3c-8539-7fbd76be72e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27061", "type": "seen", "source": "https://t.me/cibsecurity/59895", "content": "\u203c CVE-2023-27061 \u203c\n\nTenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the wifiFilterListRemark parameter in the modifyWifiFilterRules function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-13T17:23:22.000000Z"}]}