{"vulnerability": "CVE-2023-3730", "sightings": [{"uuid": "c209d58d-452d-4364-9932-7014d83d3a4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37302", "type": "seen", "source": "https://t.me/cibsecurity/65804", "content": "\u203c CVE-2023-37302 \u203c\n\nAn issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-30T20:15:17.000000Z"}, {"uuid": "bcbbd685-8489-42f9-b529-76daa212c7ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37306", "type": "seen", "source": "https://t.me/arpsyndicate/2412", "content": "#ExploitObserverAlert\n\nCVE-2023-37306\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-37306. MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.\n\nFIRST-EPSS: 0.000590000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2024-01-04T02:51:49.000000Z"}, {"uuid": "929721f7-e6e6-4ed6-8e77-e3227ace7c16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37308", "type": "seen", "source": "https://t.me/cibsecurity/66184", "content": "\u203c CVE-2023-37308 \u203c\n\nZoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-07T16:11:13.000000Z"}, {"uuid": "fbab9cc1-a97e-4daa-bac2-072715a1a99e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37300", "type": "seen", "source": "https://t.me/cibsecurity/65811", "content": "\u203c CVE-2023-37300 \u203c\n\nAn issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-30T20:15:30.000000Z"}, {"uuid": "0a320f98-9a32-45b7-bd2a-89d0152e6ebe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37306", "type": "seen", "source": "https://t.me/cibsecurity/65809", "content": "\u203c CVE-2023-37306 \u203c\n\nMISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-30T20:15:25.000000Z"}, {"uuid": "92a38744-4908-4f8f-91fa-2cd0f10cbead", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37305", "type": "seen", "source": "https://t.me/cibsecurity/65807", "content": "\u203c CVE-2023-37305 \u203c\n\nAn issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-30T20:15:24.000000Z"}, {"uuid": "f3caa3af-5024-497f-b876-8d84aef3bd71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37307", "type": "seen", "source": "https://t.me/cibsecurity/65806", "content": "\u203c CVE-2023-37307 \u203c\n\nIn MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-30T20:15:23.000000Z"}, {"uuid": "9a7f2e49-78a2-41a5-9034-81bb782ebeb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37301", "type": "seen", "source": "https://t.me/cibsecurity/65805", "content": "\u203c CVE-2023-37301 \u203c\n\nAn issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-30T20:15:21.000000Z"}, {"uuid": "9aa026e5-a797-4358-86b6-68498f42228a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37304", "type": "seen", "source": "https://t.me/cibsecurity/65802", "content": "\u203c CVE-2023-37304 \u203c\n\nAn issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-30T20:15:16.000000Z"}, {"uuid": "f6f91512-756b-4f69-8d21-f7f51676b4c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37303", "type": "seen", "source": "https://t.me/cibsecurity/65800", "content": "\u203c CVE-2023-37303 \u203c\n\nAn issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-30T20:15:13.000000Z"}]}