{"vulnerability": "cve-2023-38435", "sightings": [{"uuid": "5af212a8-73e8-4880-a1a1-6904f425e569", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38435", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4320", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-38435\n\ud83d\udd25 CVSS Score: 6.2 (CVSS_V3)\n\ud83d\udd39 Description: An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack.\n\nUpgrade to Apache Felix Healthcheck Webconsole Plugin 2.1.0 or higher.\n\ud83d\udccf Published: 2023-07-25T18:30:32Z\n\ud83d\udccf Modified: 2025-02-13T19:02:06Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-38435\n2. https://github.com/apache/felix-dev/commit/c4e67520e0a4499389342491869919a6c42ed62c\n3. https://github.com/apache/felix-dev\n4. https://lists.apache.org/thread/r3blhp3onr4rdbkgdyglqnccg0v79pfv\n5. http://seclists.org/fulldisclosure/2023/Jul/43\n6. http://www.openwall.com/lists/oss-security/2023/07/25/10", "creation_timestamp": "2025-02-13T19:18:37.000000Z"}, {"uuid": "cd7ccef2-944b-477a-b732-2b2315442194", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38435", "type": "seen", "source": "https://t.me/cibsecurity/67253", "content": "\u203c CVE-2023-38435 \u203c\n\nAn improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack.Upgrade to Apache Felix Healthcheck Webconsole Plugin 2.1.0 or higher.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-25T20:26:58.000000Z"}]}