{"vulnerability": "cve-2023-3623", "sightings": [{"uuid": "0c803e30-4007-4b04-a6d0-4c6099bb00fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36236", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18592", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-36236\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross Site Scripting vulnerability in webkil Bagisto v.1.5.0 and before allows an attacker to execute arbitrary code via a crafted SVG file uplad.\n\ud83d\udccf Published: 2024-01-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-17T14:31:13.746Z\n\ud83d\udd17 References:\n1. https://bagisto.com/en/\n2. https://github.com/bagisto/bagisto/pull/4764/commits/7bbf0c4bb565fc2601f031f9bbcdfa06e24dbd45\n3. https://github.com/Ek-Saini/security/blob/main/XSS_via_fileupload-bagisto", "creation_timestamp": "2025-06-17T14:39:57.000000Z"}, {"uuid": "ff16a3f3-1b5c-4121-9660-edfc3674dea4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36238", "type": "seen", "source": "https://t.me/ctinow/207236", "content": "https://ift.tt/Vj1vU3c\nCVE-2023-36238", "creation_timestamp": "2024-03-13T22:31:38.000000Z"}, {"uuid": "09bffb1c-e72b-4392-9737-1ce8890b4f2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36238", "type": "seen", "source": "https://t.me/ctinow/207218", "content": "https://ift.tt/Vj1vU3c\nCVE-2023-36238", "creation_timestamp": "2024-03-13T22:26:35.000000Z"}, {"uuid": "c1bfcf4c-e07c-46ab-89bb-2eb74f1801ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36234", "type": "seen", "source": "https://t.me/cibsecurity/70864", "content": "\u203c CVE-2023-36234 \u203c\n\nCross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-21T02:30:28.000000Z"}, {"uuid": "7253cb07-18f9-4a99-ab47-4d8a75cf4127", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36237", "type": "seen", "source": "https://t.me/ctinow/193827", "content": "https://ift.tt/0bA9TdD\nCVE-2023-36237", "creation_timestamp": "2024-02-26T23:26:32.000000Z"}, {"uuid": "8fd2ca8d-e091-4080-9fae-fed0db56db25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36235", "type": "seen", "source": "https://t.me/ctinow/173087", "content": "https://ift.tt/n2MdSlB\nCVE-2023-36235 Exploit", "creation_timestamp": "2024-01-24T21:16:27.000000Z"}, {"uuid": "1afcfa91-ff38-45f1-be44-44f0324195eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36237", "type": "seen", "source": "https://t.me/ctinow/193834", "content": "https://ift.tt/0bA9TdD\nCVE-2023-36237", "creation_timestamp": "2024-02-26T23:26:39.000000Z"}, {"uuid": "857df1eb-bb1d-4d91-8829-7be6c4a1ac7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36236", "type": "seen", "source": "https://t.me/ctinow/182601", "content": "https://ift.tt/Z45yjWp\nCVE-2023-36236 | Webkil Bagisto up to 1.5.0 SVG File Upload cross site scripting", "creation_timestamp": "2024-02-10T16:11:42.000000Z"}, {"uuid": "73affc68-cdbf-445e-8e33-970aaa7a9877", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36235", "type": "seen", "source": "https://t.me/ctinow/182600", "content": "https://ift.tt/zG82xmB\nCVE-2023-36235 | Webkul QloApps up to 1.5.x id_order information disclosure", "creation_timestamp": "2024-02-10T16:11:41.000000Z"}, {"uuid": "c195aeae-ff76-4053-9ace-c4d48308aad8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36235", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17928", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-36235\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter.\n\ud83d\udccf Published: 2024-01-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-10T16:19:20.190Z\n\ud83d\udd17 References:\n1. https://qloapps.com/\n2. https://github.com/webkul/hotelcommerce/pull/537\n3. https://github.com/Ek-Saini/security/blob/main/IDOR-Qloapps", "creation_timestamp": "2025-06-10T16:31:53.000000Z"}, {"uuid": "ca5162ce-2a60-4cea-89a8-43dda53d3c5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36236", "type": "seen", "source": "https://t.me/ctinow/170726", "content": "https://ift.tt/4ntou38\nCVE-2023-36236 Exploit", "creation_timestamp": "2024-01-20T21:16:26.000000Z"}, {"uuid": "d951d61e-1694-4fe2-bcd6-ea1cb58d2f09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3623", "type": "seen", "source": "https://t.me/cibsecurity/66412", "content": "\u203c CVE-2023-3623 \u203c\n\nA vulnerability was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230704. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Duty/AjaxHandle/UploadHandler.ashx of the component Duty Module. The manipulation of the argument Filedata leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-233576. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T20:29:50.000000Z"}]}