{"vulnerability": "CVE-2020-1926", "sightings": [{"uuid": "1412b109-0d29-438c-97d2-266430a64a16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19265", "type": "seen", "source": "https://t.me/cibsecurity/28630", "content": "\u203c CVE-2020-19265 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-09T22:30:23.000000Z"}, {"uuid": "c8bc4789-bbc5-4b4b-925e-5458c5c54f25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19266", "type": "seen", "source": "https://t.me/cibsecurity/28629", "content": "\u203c CVE-2020-19266 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-09T22:30:22.000000Z"}, {"uuid": "2c81d988-763b-44ae-9bb5-b913fca39f51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19264", "type": "seen", "source": "https://t.me/cibsecurity/28617", "content": "\u203c CVE-2020-19264 \u203c\n\nA cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-09T22:29:53.000000Z"}, {"uuid": "cb4ef0b7-2d54-4a28-a709-8e545030b58a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19268", "type": "seen", "source": "https://t.me/cibsecurity/28616", "content": "\u203c CVE-2020-19268 \u203c\n\nA cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-09T22:29:51.000000Z"}, {"uuid": "c4320ace-2f44-4242-ba69-1b834c435110", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1926", "type": "seen", "source": "https://t.me/cibsecurity/24945", "content": "\u203c CVE-2020-1926 \u203c\n\nApache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-16T15:30:42.000000Z"}]}