{"vulnerability": "cve-2024-3831", "sightings": [{"uuid": "9d0ef872-9c2d-47fc-9b1e-aad31e59b8bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38318", "type": "seen", "source": "https://t.me/cvedetector/17339", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38318 - IBM Aspera Shares HTML Injection\", \n  \"Content\": \"CVE ID : CVE-2024-38318 \nPublished : Feb. 5, 2025, 11:15 p.m. | 1\u00a0hour, 1\u00a0minute ago \nDescription : IBM Aspera Shares\u00a01.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-06T01:50:47.000000Z"}, {"uuid": "0504e90f-cae3-480e-966b-50deb123b940", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38317", "type": "seen", "source": "https://t.me/cvedetector/17338", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38317 - IBM Aspera Shares Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-38317 \nPublished : Feb. 5, 2025, 11:15 p.m. | 1\u00a0hour, 1\u00a0minute ago \nDescription : IBM Aspera Shares\u00a01.9.0 through 1.10.0 PL6  is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-06T01:50:46.000000Z"}, {"uuid": "87ce5aa0-25fc-48ea-a31b-1833978f739f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38316", "type": "seen", "source": "Telegram/2SNlLz07o6wDwdeSH8vAMAY9sQ0_yAWGlKGa4uPKOHTnugCm", "content": "", "creation_timestamp": "2025-03-08T04:34:12.000000Z"}, {"uuid": "e491a6ea-09a4-4de6-89eb-2715fc8ab322", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38316", "type": "seen", "source": "Telegram/kjZ3YD0Kc_tK1oWL6WwxSIB20kpz4lIMpQEzY6sfIjCo8qGI", "content": "", "creation_timestamp": "2025-02-06T02:44:21.000000Z"}, {"uuid": "23fb04f8-24e9-48e7-9b44-fa235ae5d806", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38317", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5054", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-38317\n\ud83d\udd25 CVSS Score: 4.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: IBM Aspera Shares\u00a01.9.0 through 1.10.0 PL6  is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\n\ud83d\udccf Published: 2025-02-05T22:43:49.501Z\n\ud83d\udccf Modified: 2025-02-22T20:55:52.211Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7182490", "creation_timestamp": "2025-02-22T21:25:54.000000Z"}, {"uuid": "27573a92-f688-4169-944b-0e308ca40bc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38318", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5053", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-38318\n\ud83d\udd25 CVSS Score: 4.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: IBM Aspera Shares\u00a01.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.\n\ud83d\udccf Published: 2025-02-05T22:49:18.237Z\n\ud83d\udccf Modified: 2025-02-22T20:56:28.409Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7182490", "creation_timestamp": "2025-02-22T21:25:53.000000Z"}, {"uuid": "8b0d8451-a203-48e0-8008-48850f9ad8de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38316", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5055", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-38316\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.\n\ud83d\udccf Published: 2025-02-05T22:30:35.881Z\n\ud83d\udccf Modified: 2025-02-22T20:55:15.673Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7182490", "creation_timestamp": "2025-02-22T21:25:54.000000Z"}, {"uuid": "f1a1485a-6b74-4903-bcb3-00c0ceb8ad63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38311", "type": "seen", "source": "https://t.me/cvedetector/19702", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38311 - Apache Traffic Server Input Validation Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-38311 \nPublished : March 6, 2025, 12:15 p.m. | 1\u00a0hour, 52\u00a0minutes ago \nDescription : Improper Input Validation vulnerability in Apache Traffic Server.  \n  \nThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3.  \n  \nUsers are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-06T15:30:46.000000Z"}, {"uuid": "7f2838c6-6aee-49dd-a7ca-5925e953ba82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38314", "type": "seen", "source": "https://t.me/cvedetector/8827", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38314 - IBM Maximo Application Suite Monitor Component Cryptographic Key Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-38314 \nPublished : Oct. 24, 2024, 6:15 p.m. | 41\u00a0minutes ago \nDescription : IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-24T21:00:23.000000Z"}, {"uuid": "453efd78-bcc1-4ac4-a417-345b3d8796bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38316", "type": "seen", "source": "Telegram/O43jIyb2Nz9-Zp6hi3AR75bybZalwpfJR0N1pIwGK1Ob4udD", "content": "", "creation_timestamp": "2025-02-23T17:38:05.000000Z"}, {"uuid": "83411e6c-d450-4957-aeef-85ee94cc4198", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38316", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113953653930708689", "content": "", "creation_timestamp": "2025-02-05T22:32:48.677123Z"}, {"uuid": "1f21da70-88c6-4206-b84c-5b7a5dccb3bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38316", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhhpbx6rpd2j", "content": "", "creation_timestamp": "2025-02-05T23:16:15.108578Z"}, {"uuid": "362f0681-9252-451a-8156-8dd45f5e44b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38317", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhhpbzweme2c", "content": "", "creation_timestamp": "2025-02-05T23:16:17.823913Z"}, {"uuid": "530f4aa6-0a66-4759-a6ca-83f0ab584e9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38318", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhhpc4c6cj2p", "content": "", "creation_timestamp": "2025-02-05T23:16:20.263076Z"}, {"uuid": "8d87cf38-0c67-4a46-a3aa-a6c7783f5d99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38311", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114115902257488846", "content": "", "creation_timestamp": "2025-03-06T14:14:42.218923Z"}, {"uuid": "d381ec17-9909-4b66-b0f7-03db0b809504", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38315", "type": "seen", "source": "https://t.me/cvedetector/5727", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38315 - IBM Aspera Shares Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-38315 \nPublished : Sept. 16, 2024, 3:15 p.m. | 33\u00a0minutes ago \nDescription : IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-16T17:52:02.000000Z"}, {"uuid": "3ce8d8c1-e513-40f2-bc50-39d5d0f10b1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38318", "type": "seen", "source": "Telegram/Ej6MQ-glRp9fQg_Jm-ic5xXh4jY95S2OjkPGuR_P_UKxmR51", "content": "", "creation_timestamp": "2025-02-06T02:44:21.000000Z"}, {"uuid": "f63e6dd2-4e9c-4003-beea-bf389b33cfe3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38317", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113953711407713975", "content": "", "creation_timestamp": "2025-02-05T22:47:25.809390Z"}, {"uuid": "aa2ba8a1-124d-429e-86ff-881a0e5b2fa4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38318", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113953733858372054", "content": "", "creation_timestamp": "2025-02-05T22:53:08.284629Z"}, {"uuid": "47bfedc3-fb69-4fac-8763-686d3dc2db16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38310", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhz7bv3jln2h", "content": "", "creation_timestamp": "2025-02-12T22:17:48.016890Z"}, {"uuid": "7df2de99-00af-41e7-8424-054afda8a784", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38310", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113993354965682047", "content": "", "creation_timestamp": "2025-02-12T22:49:19.848135Z"}, {"uuid": "317e0311-31c8-46d7-8901-7fe1a46f0d3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38310", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113993567116209702", "content": "", "creation_timestamp": "2025-02-12T23:43:15.722560Z"}, {"uuid": "a5c4473a-d779-4a31-8dbd-e658d4666c83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38310", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhzj6p7g5t2v", "content": "", "creation_timestamp": "2025-02-13T01:14:59.732765Z"}, {"uuid": "22791ba9-ca1b-4e6e-ab71-9d42328cc147", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38316", "type": "seen", "source": "https://t.me/cvedetector/17342", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38316 - IBM Aspera Shares Rate Limiting Email Flood Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2024-38316 \nPublished : Feb. 5, 2025, 11:15 p.m. | 1\u00a0hour, 1\u00a0minute ago \nDescription : IBM Aspera Shares\u00a01.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-06T01:50:52.000000Z"}, {"uuid": "1c852356-71e8-4c25-ab50-55aba82d97b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38317", "type": "seen", "source": "Telegram/9pa7lwsdld35jzygAJpfDNSmBHqdcesI74GD5RD21RHnAvdF", "content": "", "creation_timestamp": "2025-02-06T02:44:21.000000Z"}, {"uuid": "6cec3130-ccbf-4864-bbbc-14ae225477f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-3831", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3227", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-3831\n\ud83d\udd25 CVSS Score: 6.2 (CVSS_V3)\n\ud83d\udd39 Description: The Enter Addons \u2013 Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2024-05-14T18:30:53Z\n\ud83d\udccf Modified: 2025-01-28T03:31:13Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-3831\n2. https://wordpress.org/plugins/enteraddons\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/62a4dd6a-f970-483e-b1a8-d57f604b7b66?source=cve", "creation_timestamp": "2025-01-28T04:09:31.000000Z"}, {"uuid": "2f40f4ed-d104-4215-b9d9-cc30bde492ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-38311", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljptl2avit2f", "content": "", "creation_timestamp": "2025-03-06T15:44:38.492776Z"}]}