{"vulnerability": "cve-2023-4918", "sightings": [{"uuid": "946088ad-ad4e-4888-a409-05694ca5e42c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-49186", "type": "seen", "source": "https://gist.github.com/Darkcrai86/c6d2bcedcc4d020885161cc357dd31ef", "content": "", "creation_timestamp": "2026-01-05T14:28:00.000000Z"}, {"uuid": "e8e59a7b-0ad1-42ad-919e-fa9624e67a30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-49186", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mboub2rg7s2u", "content": "", "creation_timestamp": "2026-01-05T16:28:54.390026Z"}, {"uuid": "fd777bb6-24c8-4251-81b6-b3b5d49b0291", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-4918", "type": "seen", "source": "https://t.me/cibsecurity/70343", "content": "\u203c CVE-2023-4918 \u203c\n\nA flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the \"password\" and \"password-confirm\" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-13T00:23:09.000000Z"}, {"uuid": "ab27454e-31d1-474d-ac6d-cc9fc62dbdae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-49188", "type": "seen", "source": "https://t.me/ctinow/166579", "content": "https://ift.tt/68TcrmD\nCVE-2023-49188 | ZealousWeb Track Geolocation of Users Using Contact Form 7 Plugin cross site scripting", "creation_timestamp": "2024-01-11T15:52:13.000000Z"}, {"uuid": "ffa4199b-63ea-40b6-af43-6ed1f05c6ef6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-49180", "type": "seen", "source": "https://t.me/ctinow/166577", "content": "https://ift.tt/dq697TF\nCVE-2023-49180 | Ternstyle Automatic Youtube Video Posts Plugin up to 5.2.2 on WordPress cross site scripting", "creation_timestamp": "2024-01-11T15:52:11.000000Z"}, {"uuid": "80e88581-5f32-4a12-8d79-07cb261d92bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-49189", "type": "seen", "source": "https://t.me/ctinow/166586", "content": "https://ift.tt/KMPbJdu\nCVE-2023-49189 | Getsocial Social Share Buttons & Analytics Plugin up to 4.3.12 on WordPress cross site scripting", "creation_timestamp": "2024-01-11T15:52:22.000000Z"}, {"uuid": "18f0470c-be33-426c-a91b-b8824e409ddd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-49181", "type": "seen", "source": "https://t.me/ctinow/166536", "content": "https://ift.tt/2oVwEXs\nCVE-2023-49181 | WP Event Manager Plugin up to 3.1.40 on WordPress cross site scripting", "creation_timestamp": "2024-01-11T14:27:34.000000Z"}]}