https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sat, 30 May 2026 23:13:00 +0000 https://vulnerability.circl.lu/sighting/7287aa91-09cd-4e0a-b41b-ad293d45207e/export {"uuid": "7287aa91-09cd-4e0a-b41b-ad293d45207e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55451", "type": "seen", "source": "https://t.me/cvedetector/13053", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-55451 - UJCMS Stored Cross-Site Scripting (XSS)\", \n \"Content\": \"CVE ID : CVE-2024-55451 \nPublished : Dec. 16, 2024, 11:15 p.m. | 34\u00a0minutes ago \nDescription : A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded attributes in uploaded SVG files. When a maliciously crafted SVG file is viewed by other backend users, it allows authenticated attackers to execute arbitrary JavaScript in the context of other backend users' browsers, potentially leading to the theft of sensitive tokens. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"17 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-17T00:53:55.000000Z"} {"uuid": "7287aa91-09cd-4e0a-b41b-ad293d45207e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55451", "type": "seen", "source": "https://t.me/cvedetector/13053", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-55451 - UJCMS Stored Cross-Site Scripting (XSS)\", \n \"Content\": \"CVE ID : CVE-2024-55451 \nPublished : Dec. 16, 2024, 11:15 p.m. | 34\u00a0minutes ago \nDescription : A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded attributes in uploaded SVG files. When a maliciously crafted SVG file is viewed by other backend users, it allows authenticated attackers to execute arbitrary JavaScript in the context of other backend users' browsers, potentially leading to the theft of sensitive tokens. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"17 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-17T00:53:55.000000Z"} https://vulnerability.circl.lu/sighting/7287aa91-09cd-4e0a-b41b-ad293d45207e/export Tue, 17 Dec 2024 00:53:55 +0000