{"vulnerability": "cve-2023-28153", "sightings": [{"uuid": "4f642ff3-cf0d-4a56-81a8-80dbd52ea804", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28153", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/1890", "content": "Multiple Vulnerabilities in Kiddoware Kids Place Parental Control Android App (CVE-2023-28153, CVE-2023-29078, CVE-2023-29079)\n1) Login and registration returns password as MD5 hash\n2) Stored XSS via device name in parent Dashboard\n3) Possible CSRF attacks in parent Dashboard \n4) Arbitrary File Upload to AWS S3 bucket\n5) Disable Child App Restriction without Parent's notice\nhttps://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-kiddoware-kids-place-parental-control-android-app/", "creation_timestamp": "2023-06-27T08:54:53.000000Z"}]}