{"vulnerability": "cve-2023-3726", "sightings": [{"uuid": "3c86367e-41f2-476c-b671-5bd032133da4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3726", "type": "seen", "source": "https://t.me/arpsyndicate/2607", "content": "#ExploitObserverAlert\n\nCVE-2023-3726\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-3726. OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting.\n\nNVD-IS: 3.6\nNVD-ES: 1.2", "creation_timestamp": "2024-01-07T02:56:08.000000Z"}, {"uuid": "d6220fe1-4c8d-40f3-9591-f285803f12c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37265", "type": "seen", "source": "Telegram/DhBuM5h9ZembCAXJLb1SO10em_tONhvTPWBycf14R0dULg", "content": "", "creation_timestamp": "2023-10-17T17:40:39.000000Z"}, {"uuid": "b0119cc2-e39c-466f-93eb-0b00beb6bb96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37266", "type": "seen", "source": "Telegram/DhBuM5h9ZembCAXJLb1SO10em_tONhvTPWBycf14R0dULg", "content": "", "creation_timestamp": "2023-10-17T17:40:39.000000Z"}, {"uuid": "7438b698-ff55-49e5-a062-154cff6ff8e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37265", "type": "seen", "source": "https://t.me/KomunitiSiber/945", "content": "Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software\nhttps://thehackernews.com/2023/10/critical-vulnerabilities-uncovered-in.html\n\nTwo critical security flaws discovered in the open-source\u00a0CasaOS\u00a0personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible systems.\nThe vulnerabilities, tracked as\u00a0CVE-2023-37265\u00a0and\u00a0CVE-2023-37266, both carry a CVSS score of 9.8 out of a maximum of 10.\nSonar security researcher Thomas Chauchefoin, who discovered the bugs,\u00a0", "creation_timestamp": "2023-10-17T17:35:31.000000Z"}, {"uuid": "06c03b84-9d79-4705-9ab1-2ed94123eefd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37266", "type": "seen", "source": "https://t.me/KomunitiSiber/945", "content": "Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software\nhttps://thehackernews.com/2023/10/critical-vulnerabilities-uncovered-in.html\n\nTwo critical security flaws discovered in the open-source\u00a0CasaOS\u00a0personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible systems.\nThe vulnerabilities, tracked as\u00a0CVE-2023-37265\u00a0and\u00a0CVE-2023-37266, both carry a CVSS score of 9.8 out of a maximum of 10.\nSonar security researcher Thomas Chauchefoin, who discovered the bugs,\u00a0", "creation_timestamp": "2023-10-17T17:35:31.000000Z"}, {"uuid": "c2161aaa-4e25-488e-8c74-57632a7cf112", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37265", "type": "seen", "source": "https://t.me/cibsecurity/66861", "content": "\u203c CVE-2023-37265 \u203c\n\nCasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in `391dd7f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-18T00:45:32.000000Z"}, {"uuid": "5c46f176-ed4d-41ea-beba-5eb09669e468", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37264", "type": "seen", "source": "https://t.me/cibsecurity/66207", "content": "\u203c CVE-2023-37264 \u203c\n\nTekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child Task. While the software stores and validates the PipelineRun's (api version, kind, name, uid) in the child Run's OwnerReference, it only store (api version, kind, name) in the ChildStatusReference. This means that if a client had access to create TaskRuns on a cluster, they could create a child TaskRun for a pipeline with the same name + owner reference, and the Pipeline controller picks it up as if it was the original TaskRun. This is problematic since it can let users modify the config of Pipelines at runtime, which violates SLSA L2 Service Generated / Non-falsifiable requirements. This issue can be used to trick the Pipeline controller into associating unrelated Runs to the Pipeline, feeding its data through the rest of the Pipeline. This requires access to create TaskRuns, so impact may vary depending on one Tekton setup. If users already have unrestricted access to create any Task/PipelineRun, this does not grant any additional capabilities. As of time of publication, there are no known patches for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-07T20:17:59.000000Z"}, {"uuid": "c32cc659-9f57-496a-a74b-a42e733e35f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37267", "type": "seen", "source": "https://t.me/cibsecurity/66665", "content": "\u203c CVE-2023-37267 \u203c\n\nUmbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-13T18:11:41.000000Z"}, {"uuid": "a4dfd9ca-3e02-462e-a8ae-f0fd9cfa76e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37268", "type": "seen", "source": "https://t.me/cibsecurity/66766", "content": "\u203c CVE-2023-37268 \u203c\n\nWarpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as an other user. Any user account which does not have a second factor enabled could be compromised. This issue has been addressed in commit `8173f6512a` and in releases starting with version 0.7.3. Users are advised to upgrade. Users unable to upgrade should require their users to use a second factor in authentication.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-15T02:22:44.000000Z"}, {"uuid": "7b1b7381-f251-4064-b042-5d44fd5d0a21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3726", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16765", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-3726\n\ud83d\udd25 CVSS Score: 6.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N)\n\ud83d\udd39 Description: OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting.\n\ud83d\udccf Published: 2024-01-04T14:39:43.942Z\n\ud83d\udccf Modified: 2025-05-16T22:50:09.989Z\n\ud83d\udd17 References:\n1. https://fluidattacks.com/advisories/creed/\n2. https://ocsinventory-ng.org/", "creation_timestamp": "2025-05-16T23:35:54.000000Z"}, {"uuid": "aee2f7da-5f7d-4520-9aeb-30ced79fb3f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3726", "type": "seen", "source": "https://t.me/cibsecurity/74417", "content": "\u203c\ufe0fCVE-2023-3726\u203c\ufe0f\n\nOCSInventory allow stored email template with special characters that lead to a Stored crosssite Scripting.  \n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2024-01-05T01:34:09.000000Z"}, {"uuid": "9a18dde8-fe4d-4cce-b2ca-373695fcb707", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37265", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/1056", "content": "AuthBypass via Internal IP", "creation_timestamp": "2024-09-17T21:30:02.000000Z"}, {"uuid": "58b5832b-8686-40a3-b4e8-8a59e393518b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37263", "type": "seen", "source": "https://t.me/cibsecurity/70607", "content": "\u203c CVE-2023-37263 \u203c\n\nStrapi is the an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible. Version 4.12.1 has a fix for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-15T22:25:38.000000Z"}, {"uuid": "29298543-3717-40cf-988f-06925172b173", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37269", "type": "seen", "source": "https://t.me/ctinow/173901", "content": "https://ift.tt/XpCc7YD\nCVE-2023-37269 Exploit", "creation_timestamp": "2024-01-26T01:16:57.000000Z"}, {"uuid": "05f7000a-7abd-4b80-9db8-1ccfcd795db0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3726", "type": "seen", "source": "https://t.me/ctinow/172585", "content": "https://ift.tt/59t3JGr\nCVE-2023-3726 | OCSInventory 2.12.0 Email Template cross site scripting", "creation_timestamp": "2024-01-24T09:11:51.000000Z"}, {"uuid": "84663e1a-d1ff-479f-a88e-29f6b441b4ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3726", "type": "seen", "source": "https://t.me/ctinow/166651", "content": "https://ift.tt/se5zrYo\nCVE-2023-3726 Exploit", "creation_timestamp": "2024-01-11T17:17:08.000000Z"}, {"uuid": "81f971bc-5b10-4154-b378-513733c55a23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3726", "type": "seen", "source": "https://t.me/ctinow/163081", "content": "https://ift.tt/jvhzHDX\nCVE-2023-3726", "creation_timestamp": "2024-01-04T16:31:58.000000Z"}, {"uuid": "e97bf086-0dd7-4e04-812a-0d4fda38b223", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37266", "type": "seen", "source": "https://t.me/cibsecurity/66856", "content": "\u203c CVE-2023-37266 \u203c\n\nCasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-18T00:45:24.000000Z"}, {"uuid": "11367142-1dd9-46bc-ab17-f83252cec271", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37260", "type": "seen", "source": "https://t.me/cibsecurity/66146", "content": "\u203c CVE-2023-37260 \u203c\n\nleague/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as as string instead of a file path will have had that key included in a LogicException message if they did not provide a valid pass phrase for the key where required. This issue has been patched so that the provided key is no longer exposed in the exception message in the scenario outlined above. Users should upgrade to version 8.5.3 to receive the patch. As a workaround, pass the key as a file instead of a string.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-06T20:20:35.000000Z"}, {"uuid": "0f6887cf-8e29-4ae2-8888-9ed321ff54d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37269", "type": "seen", "source": "https://t.me/cibsecurity/66234", "content": "\u203c CVE-2023-37269 \u203c\n\nWinter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Users with the `backend.manage_branding` permission can upload SVGs as the application logo. Prior to version 1.2.3, SVG uploads were not sanitized, which could have allowed a stored cross-site scripting (XSS) attack. To exploit the vulnerability, an attacker would already need to have developer or super user level permissions in Winter CMS. This means they would already have extensive access and control within the system. Additionally, to execute the XSS, the attacker would need to convince the victim to directly visit the URL of the maliciously uploaded SVG, and the application would have to be using local storage where uploaded files are served under the same domain as the application itself instead of a CDN. This is because all SVGs in Winter CMS are rendered through an `img` tag, which prevents any payloads from being executed directly. These two factors significantly limit the potential harm of this vulnerability. This issue has been patched in v1.2.3 through the inclusion of full support for SVG uploads and automatic sanitization of uploaded SVG files. As a workaround, one may apply the patches manually.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-08T02:17:52.000000Z"}]}