{"vulnerability": "cve-2025-2358", "sightings": [{"uuid": "95f1880d-a29b-43e7-a7c5-5fba7d509773", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23588", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhbtlodoar2t", "content": "", "creation_timestamp": "2025-02-03T15:17:17.541098Z"}, {"uuid": "72bea65e-c4e4-429f-b870-17b4596fe12b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23582", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhbtlm3rhr2t", "content": "", "creation_timestamp": "2025-02-03T15:17:15.443626Z"}, {"uuid": "c884eb18-69a5-4147-9f9f-8fade26f49fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23581", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhbtljuvuq2b", "content": "", "creation_timestamp": "2025-02-03T15:17:13.519350Z"}, {"uuid": "67d12b5c-b025-4f4d-b696-ab859e548103", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23583", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdo3lkqs42r", "content": "", "creation_timestamp": "2025-01-22T15:18:57.055150Z"}, {"uuid": "7d498d92-9c1c-438e-b1b5-4676a9744a77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23589", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdo3ogzgh2p", "content": "", "creation_timestamp": "2025-01-22T15:18:59.926990Z"}, {"uuid": "96bacee6-2f91-4917-a83c-9af093750689", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23580", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2458", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23580\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Garvin BizLibrary allows Reflected XSS. This issue affects BizLibrary: from n/a through 1.1.\n\ud83d\udccf Published: 2025-01-21T17:21:50.545Z\n\ud83d\udccf Modified: 2025-01-21T18:43:02.380Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/bizlibrary/vulnerability/wordpress-bizlibrary-plugin-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-21T19:01:57.000000Z"}, {"uuid": "9d5247ce-4398-40e0-b146-edd495a5c937", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23585", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6456", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23585\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CantonBolo Goo.gl Url Shorter allows Reflected XSS. This issue affects Goo.gl Url Shorter: from n/a through 1.0.1.\n\ud83d\udccf Published: 2025-03-03T13:30:13.556Z\n\ud83d\udccf Modified: 2025-03-04T21:47:35.681Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/googl-url-shorter/vulnerability/wordpress-goo-gl-url-shorter-plugin-1-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-04T22:33:28.000000Z"}, {"uuid": "bce25512-6432-4074-9e05-7f099ffbb5d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23584", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6455", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23584\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Pin Locations on Map allows Reflected XSS. This issue affects Pin Locations on Map: from n/a through 1.0.\n\ud83d\udccf Published: 2025-03-03T13:30:13.361Z\n\ud83d\udccf Modified: 2025-03-04T21:47:58.687Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/pin-locations-on-map/vulnerability/wordpress-pin-locations-on-map-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-04T22:33:27.000000Z"}, {"uuid": "ae2dd8f3-097f-499f-964e-a1c9c74d3f12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2358", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7733", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2358\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Kfxt/Service.asmx of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-03-17T03:00:12.128Z\n\ud83d\udccf Modified: 2025-03-17T03:00:12.128Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.299825\n2. https://vuldb.com/?ctiid.299825\n3. https://vuldb.com/?submit.513708\n4. https://flowus.cn/share/fa5b99da-2e88-4efd-9266-ae8582782eaa?code=HC3R4E", "creation_timestamp": "2025-03-17T03:47:13.000000Z"}, {"uuid": "2abfa624-a59f-4ec2-b23a-2a77d51dadf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2358", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkkgy3a2sb26", "content": "", "creation_timestamp": "2025-03-17T05:41:07.892086Z"}, {"uuid": "358ccf45-88a4-4529-ad36-583b41bc6be9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23589", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2634", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23589\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ContentOptin Lite allows Reflected XSS. This issue affects ContentOptin Lite: from n/a through 1.1.\n\ud83d\udccf Published: 2025-01-22T14:29:14.984Z\n\ud83d\udccf Modified: 2025-01-22T19:51:52.902Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/contentoptin/vulnerability/wordpress-contentoptin-lite-plugin-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-22T20:02:01.000000Z"}, {"uuid": "192a6f07-21a9-45c9-b466-c2c64cbd1af7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23583", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2633", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23583\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Explara Explara Membership allows Reflected XSS. This issue affects Explara Membership: from n/a through 0.0.7.\n\ud83d\udccf Published: 2025-01-22T14:29:14.826Z\n\ud83d\udccf Modified: 2025-01-22T19:52:08.157Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/explara-membership/vulnerability/wordpress-explara-membership-plugin-0-0-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-22T20:02:00.000000Z"}, {"uuid": "a8eaa299-1ca9-4bab-81e1-bc28f724fad2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2358", "type": "seen", "source": "https://t.me/cvedetector/20432", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2358 - Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System HTTP Header Handler SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2358 \nPublished : March 17, 2025, 3:15 a.m. | 2\u00a0hours, 14\u00a0minutes ago \nDescription : A vulnerability was found in Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Kfxt/Service.asmx of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-17T07:25:48.000000Z"}, {"uuid": "f158e401-a9b9-4edc-9ec0-fb0fa235cc56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23580", "type": "seen", "source": "https://t.me/cvedetector/15991", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23580 - BizLibrary Cross-site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-23580 \nPublished : Jan. 21, 2025, 6:15 p.m. | 37\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Garvin BizLibrary allows Reflected XSS. This issue affects BizLibrary: from n/a through 1.1. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T20:19:14.000000Z"}, {"uuid": "91c6198b-3b86-431b-b160-63f4d34a266e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23580", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113867645386484267", "content": "", "creation_timestamp": "2025-01-21T17:59:42.425554Z"}, {"uuid": "05d972e5-e07e-41cc-a216-cfaa23f84fbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23580", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbhjxqkfs2s", "content": "", "creation_timestamp": "2025-01-21T18:16:23.957691Z"}, {"uuid": "ac97a66b-a130-490b-9b21-ae8f2eb3a340", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23580", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgbptfklqw2i", "content": "", "creation_timestamp": "2025-01-21T20:44:50.424979Z"}, {"uuid": "aace10ea-7f27-42d4-bd71-6864f8392772", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23581", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113940767419373507", "content": "", "creation_timestamp": "2025-02-03T15:55:36.149252Z"}, {"uuid": "33976d2b-9571-465e-8590-2bda6e866c74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23582", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113940767434916791", "content": "", "creation_timestamp": "2025-02-03T15:55:36.430064Z"}, {"uuid": "99147f6c-a763-436c-bb46-e2c7cab3abc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23588", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113940767449251496", "content": "", "creation_timestamp": "2025-02-03T15:55:36.794286Z"}]}