{"vulnerability": "CVE-2021-4368", "sightings": [{"uuid": "bfe909b3-36ef-4f08-9f7a-e299b08e558d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43683", "type": "seen", "source": "https://t.me/cibsecurity/33254", "content": "\u203c CVE-2021-43683 \u203c\n\npictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate the script and print the message which has $_REQUEST['hash'].\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-02T16:43:23.000000Z"}, {"uuid": "3b02b22f-2608-4c40-879d-c75c827301e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43686", "type": "seen", "source": "https://t.me/cibsecurity/33253", "content": "\u203c CVE-2021-43686 \u203c\n\nnZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. The exit function will terminate the script and print the message which has the input $_GET['t'].\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-02T16:43:22.000000Z"}, {"uuid": "60e43f2a-bcfa-4ea1-af59-d8fea31ee484", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43685", "type": "seen", "source": "https://t.me/cibsecurity/33203", "content": "\u203c CVE-2021-43685 \u203c\n\nlibretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-01T18:39:59.000000Z"}, {"uuid": "1658d7ea-8470-4e04-8f36-1542e5f04e85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43689", "type": "seen", "source": "https://t.me/cibsecurity/33202", "content": "\u203c CVE-2021-43689 \u203c\n\nmanage (last update Oct 24, 2017) is affected by is affected by a Cross Site Scripting (XSS) vulnerability in Application/Home/Controller/GoodsController.class.php. The exit function will terminate the script and print a message which have values from $_POST.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-01T18:39:58.000000Z"}, {"uuid": "605f2aa2-3d7b-42ac-9aa2-07303a7b979f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43687", "type": "seen", "source": "https://t.me/cibsecurity/33212", "content": "\u203c CVE-2021-43687 \u203c\n\nchamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-01T18:40:09.000000Z"}, {"uuid": "adbc66e0-c093-44cf-9c13-39daae30f2f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43681", "type": "seen", "source": "https://t.me/cibsecurity/33252", "content": "\u203c CVE-2021-43681 \u203c\n\nSakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulnerability in /master/core/PostHandler.php. The exit function will terminate the script and print the message $data['proxy_name'].\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-02T16:43:21.000000Z"}, {"uuid": "6c624ac5-0fb6-4b82-90d1-d2f0b7a2ebe8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43682", "type": "seen", "source": "https://t.me/cibsecurity/33251", "content": "\u203c CVE-2021-43682 \u203c\n\nthinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. The exit function will terminate the script and print the message to the user which has $_SERVER['HTTP_HOST'].\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-02T16:43:19.000000Z"}]}