https://vulnerability.circl.lu/sightings/feedMost recent sightings.2026-05-07T06:15:24.944014+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent sightings.https://vulnerability.circl.lu/sighting/21cccc20-3034-496a-9353-2a59b04788ef/export21cccc20-3034-496a-9353-2a59b04788ef2026-05-07T06:15:25.406549+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "21cccc20-3034-496a-9353-2a59b04788ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39926", "type": "seen", "source": "https://t.me/cvedetector/5644", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-39926 - \"Vaultwarden HTML Injection/Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-39926 \nPublished : Sept. 13, 2024, 6:15 p.m. | 39\u00a0minutes ago \nDescription : An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. This potentially allows an authenticated attacker to inject malicious code into the dashboard, which is then executed or rendered in the context of an administrator's browser when viewing the injected content. However, it is important to note that the default Content Security Policy (CSP) of the application blocks most exploitation paths, significantly mitigating the potential impact. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"13 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-13T21:19:00.000000Z"}2024-09-13T21:19:00+00:00https://vulnerability.circl.lu/sighting/ad0f8b7c-174c-4b5f-ae00-4f2f7a5160e5/exportad0f8b7c-174c-4b5f-ae00-4f2f7a5160e52026-05-07T06:15:25.402407+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "ad0f8b7c-174c-4b5f-ae00-4f2f7a5160e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39926", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1014", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-39926\n\ud83d\udd39 Description: An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. This potentially allows an authenticated attacker to inject malicious code into the dashboard, which is then executed or rendered in the context of an administrator's browser when viewing the injected content. However, it is important to note that the default Content Security Policy (CSP) of the application blocks most exploitation paths, significantly mitigating the potential impact.\n\ud83d\udccf Published: 2024-09-13T00:00:00\n\ud83d\udccf Modified: 2025-01-09T17:34:10.932Z\n\ud83d\udd17 References:\n1. https://github.com/dani-garcia/vaultwarden/blob/1.30.3/src/static/scripts/admin_users.js#L201\n2. https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.0\n3. https://www.mgm-sp.com/cve/html-injection-in-vaultwarden", "creation_timestamp": "2025-01-09T18:21:02.000000Z"}2025-01-09T18:21:02+00:00