{"vulnerability": "CVE-2021-4253", "sightings": [{"uuid": "7ef76e96-ddba-4308-b7e4-ae7fc820d4df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42537", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12253", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-42537\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N)\n\ud83d\udd39 Description: VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.\n\ud83d\udccf Published: 2022-07-27T20:20:22.000Z\n\ud83d\udccf Modified: 2025-04-17T15:50:48.868Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/uscert/ics/advisories/icsa-21-308-01", "creation_timestamp": "2025-04-17T15:57:31.000000Z"}, {"uuid": "0f69b954-336b-4299-bd0a-ab46e6e08b94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4253", "type": "seen", "source": "https://t.me/cibsecurity/54827", "content": "\u203c CVE-2021-4253 \u203c\n\nA vulnerability, which was classified as problematic, was found in ctrlo lenio. Affected is an unknown function in the library lib/Lenio.pm of the component Ticket Handler. The manipulation of the argument site_id leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 7a1f90bd2a0ce95b8338ec0926902da975ec64d9. It is recommended to apply a patch to fix this issue. VDB-216210 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-19T00:41:06.000000Z"}, {"uuid": "cd3f811d-1225-4a05-8d0c-0a6e1740365d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42535", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12257", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-42535\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: VISAM VBASE version 11.6.0.6 does not neutralize or incorrectly neutralizes user-controllable input before the data is placed in output used as a public-facing webpage.\n\ud83d\udccf Published: 2022-07-27T20:21:04.000Z\n\ud83d\udccf Modified: 2025-04-17T15:50:12.708Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/uscert/ics/advisories/icsa-21-308-01", "creation_timestamp": "2025-04-17T15:57:37.000000Z"}, {"uuid": "ec8355aa-b955-450b-8e05-fa8dd5429ea6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42536", "type": "seen", "source": "https://t.me/cibsecurity/31045", "content": "\u203c CVE-2021-42536 \u203c\n\nThe affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-22T18:39:26.000000Z"}, {"uuid": "9ae54b5d-df5d-40f8-bf41-4231de052d77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42535", "type": "seen", "source": "https://t.me/cibsecurity/47139", "content": "\u203c CVE-2021-42535 \u203c\n\nVISAM VBASE version 11.6.0.6 does not neutralize or incorrectly neutralizes user-controllable input before the data is placed in output used as a public-facing webpage.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-28T00:36:53.000000Z"}, {"uuid": "433f3d1e-215d-43d3-affc-d2e206d99c3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42537", "type": "seen", "source": "https://t.me/cibsecurity/47138", "content": "\u203c CVE-2021-42537 \u203c\n\nVISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-28T00:36:52.000000Z"}, {"uuid": "6b43be89-7df2-401a-ba0f-fb0ec9e179ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42532", "type": "seen", "source": "https://t.me/cibsecurity/41790", "content": "\u203c CVE-2021-42532 \u203c\n\nXMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-21T06:42:43.000000Z"}, {"uuid": "c8d208fe-407f-4578-a784-9ea14a8c31c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42531", "type": "seen", "source": "https://t.me/cibsecurity/41785", "content": "\u203c CVE-2021-42531 \u203c\n\nXMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-03T02:28:16.000000Z"}, {"uuid": "b4498293-1114-4c05-a1b0-26dcf7a55507", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42530", "type": "seen", "source": "https://t.me/cibsecurity/41778", "content": "\u203c CVE-2021-42530 \u203c\n\nXMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-21T06:42:53.000000Z"}, {"uuid": "659ac054-dc7f-4efe-a462-b0a031766551", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42534", "type": "seen", "source": "https://t.me/cibsecurity/31042", "content": "\u203c CVE-2021-42534 \u203c\n\nThe affected product\u00e2\u20ac\u2122s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-22T18:39:20.000000Z"}, {"uuid": "8d950f80-2942-4617-b991-f37836b8768d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42538", "type": "seen", "source": "https://t.me/cibsecurity/31038", "content": "\u203c CVE-2021-42538 \u203c\n\nThe affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-22T18:39:16.000000Z"}, {"uuid": "ea639555-fac0-4f1a-af1b-529325c32174", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42539", "type": "seen", "source": "https://t.me/cibsecurity/31036", "content": "\u203c CVE-2021-42539 \u203c\n\nThe affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-22T18:39:14.000000Z"}]}