{"vulnerability": "cve-2023-3621", "sightings": [{"uuid": "118c977c-15ea-424a-85a6-1864fbd6a3c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36211", "type": "seen", "source": "https://t.me/cibsecurity/67536", "content": "\u203c CVE-2023-36211 \u203c\n\nThe Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting (XSS) when an authenticated user interacts with certain features on the admin panel.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-01T20:38:43.000000Z"}, {"uuid": "51c7d9b6-53f2-4bf6-9190-cb04199092c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36217", "type": "seen", "source": "https://t.me/cibsecurity/67721", "content": "\u203c CVE-2023-36217 \u203c\n\nCross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-03T22:40:12.000000Z"}, {"uuid": "6506ad52-8f2e-4a4e-99e0-9621bc10bedc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36213", "type": "seen", "source": "https://t.me/cibsecurity/67711", "content": "\u203c CVE-2023-36213 \u203c\n\nSQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-03T20:40:08.000000Z"}, {"uuid": "c2ee49ec-a756-4f6b-b03a-fd6fa197c91c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36210", "type": "seen", "source": "https://t.me/cibsecurity/67533", "content": "\u203c CVE-2023-36210 \u203c\n\nMotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-01T20:38:40.000000Z"}, {"uuid": "f3dac4d6-c037-4ac3-9e7a-050af64d136d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3621", "type": "seen", "source": "https://t.me/cibsecurity/66416", "content": "\u203c CVE-2023-3621 \u203c\n\nA vulnerability was found in IBOS OA 4.5.5. It has been classified as critical. Affected is the function createDeleteCommand of the file ?r=article/default/delete of the component Delete Packet. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-233574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T20:29:57.000000Z"}]}