{"vulnerability": "cve-2025-2346", "sightings": [{"uuid": "5ea1d571-1c68-4357-a0c7-49d8134c705d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23463", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113840074793330544", "content": "", "creation_timestamp": "2025-01-16T21:08:08.804989Z"}, {"uuid": "8e442cf4-12f0-44ff-afc3-d1a14c2116a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23467", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113840074807499852", "content": "", "creation_timestamp": "2025-01-16T21:08:08.956688Z"}, {"uuid": "cdcef55b-0d98-4b28-a459-5a3120be9920", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23463", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3wykhmb2r", "content": "", "creation_timestamp": "2025-01-16T20:16:59.611254Z"}, {"uuid": "9c83213b-f992-439a-867b-01eab6139f72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23467", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3x376e52p", "content": "", "creation_timestamp": "2025-01-16T20:17:01.930394Z"}, {"uuid": "08f4407b-355d-49bb-8c43-498333eac117", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23461", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113867586334004364", "content": "", "creation_timestamp": "2025-01-21T17:44:53.243014Z"}, {"uuid": "1959c089-c93e-4407-9851-008844e22ed6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23461", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbhjobnvb2r", "content": "", "creation_timestamp": "2025-01-21T18:16:13.968685Z"}, {"uuid": "107377c6-c463-4cf7-91db-8c34a0c4d690", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23462", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdnzyomfm2f", "content": "", "creation_timestamp": "2025-01-22T15:18:03.670065Z"}, {"uuid": "891b60b1-ef5a-4932-b3c2-4b65243bd271", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2346", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkjlu3j2nf2m", "content": "", "creation_timestamp": "2025-03-16T21:35:43.525268Z"}, {"uuid": "5eed8cfd-92de-4d7f-8d0e-6cfc47cc8f3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23469", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mb6dadx4ko2r", "content": "", "creation_timestamp": "2025-12-30T02:41:40.915201Z"}, {"uuid": "2bd81a96-3a1f-4fdb-b022-752d0426b8f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23469", "type": "seen", "source": "https://gist.github.com/Darkcrai86/92a60a81b8d0ccfc3481a636ce6efb74", "content": "", "creation_timestamp": "2025-12-30T12:41:38.000000Z"}, {"uuid": "10627cb6-b40b-40d0-8b85-03982bc34801", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23461", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2454", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23461\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrea Dotta, Jacopo Campani, di xkoll.com Social2Blog allows Reflected XSS. This issue affects Social2Blog: from n/a through 0.2.990.\n\ud83d\udccf Published: 2025-01-21T17:21:49.882Z\n\ud83d\udccf Modified: 2025-01-21T18:43:34.173Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/social2blog/vulnerability/wordpress-social2blog-plugin-0-2-990-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-21T19:01:54.000000Z"}, {"uuid": "63d7e3bf-a41c-4614-87b0-a34d4fa925a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23462", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2545", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23462\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound FWD Slider allows Reflected XSS. This issue affects FWD Slider: from n/a through 1.0.\n\ud83d\udccf Published: 2025-01-22T14:31:56.871Z\n\ud83d\udccf Modified: 2025-01-22T14:44:11.044Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/fwd-slider/vulnerability/wordpress-fwd-slider-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-22T15:03:06.000000Z"}, {"uuid": "a021cae8-26ad-4b47-8a90-9f1af08dec04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23465", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6235", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23465\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Vampire Character Manager allows Reflected XSS. This issue affects Vampire Character Manager: from n/a through 2.13.\n\ud83d\udccf Published: 2025-03-03T13:30:04.544Z\n\ud83d\udccf Modified: 2025-03-03T16:01:38.243Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/vampire-character/vulnerability/wordpress-vampire-character-manager-plugin-2-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-03T16:30:41.000000Z"}, {"uuid": "6e8ea03a-69bc-4602-81a2-b00dda6d21d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23464", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6234", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23464\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Twitter News Feed allows Reflected XSS. This issue affects Twitter News Feed: from n/a through 1.1.1.\n\ud83d\udccf Published: 2025-03-03T13:30:04.374Z\n\ud83d\udccf Modified: 2025-03-03T16:01:44.398Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/twitter-news-feed/vulnerability/wordpress-twitter-news-feed-plugin-1-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-03T16:30:40.000000Z"}, {"uuid": "e41a2a8d-d92e-49e8-b3dc-5c144d63efa6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23468", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6236", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23468\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Essay Wizard (wpCRES) allows Reflected XSS. This issue affects Essay Wizard (wpCRES): from n/a through 1.0.6.4.\n\ud83d\udccf Published: 2025-03-03T13:30:04.710Z\n\ud83d\udccf Modified: 2025-03-03T16:01:31.717Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/essay-wizard-wpcres/vulnerability/wordpress-essay-wizard-wpcres-plugin-1-0-6-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-03T16:30:42.000000Z"}, {"uuid": "318edefb-b4b8-46f7-8336-982e280dda94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2346", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7721", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2346\n\ud83d\udd25 CVSS Score: 6.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308 and classified as problematic. This vulnerability affects unknown code of the component Domain Handler. The manipulation of the argument Domain Name leads to origin validation error. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.\n\ud83d\udccf Published: 2025-03-16T20:00:11.895Z\n\ud83d\udccf Modified: 2025-03-16T20:00:11.895Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.299812\n2. https://vuldb.com/?ctiid.299812\n3. https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-6-public-domain-used-for-internal-domain-name", "creation_timestamp": "2025-03-16T20:49:09.000000Z"}, {"uuid": "cbef6e8f-478b-4167-b99d-8f7c834ce478", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2346", "type": "seen", "source": "https://t.me/cvedetector/20416", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2346 - IROAD Dash Cam X5 and X6 Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2346 \nPublished : March 16, 2025, 8:15 p.m. | 54\u00a0minutes ago \nDescription : A vulnerability has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308 and classified as problematic. This vulnerability affects unknown code of the component Domain Handler. The manipulation of the argument Domain Name leads to origin validation error. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. \nSeverity: 5.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-16T22:13:47.000000Z"}, {"uuid": "8cb794fd-3f39-476c-aab6-749e1aa947cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23461", "type": "seen", "source": "https://t.me/cvedetector/15996", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23461 - Andrea Dotta, Jacopo Campani, xkoll.com Social2Blog Cross-site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-23461 \nPublished : Jan. 21, 2025, 6:15 p.m. | 37\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrea Dotta, Jacopo Campani, di xkoll.com Social2Blog allows Reflected XSS. This issue affects Social2Blog: from n/a through 0.2.990. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T20:19:21.000000Z"}]}