{"vulnerability": "CVE-2023-3970", "sightings": [{"uuid": "615fefdc-3f24-41ef-84ae-f1dca4353e55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39707", "type": "seen", "source": "https://t.me/cibsecurity/69226", "content": "\u203c CVE-2023-39707 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-26T00:14:47.000000Z"}, {"uuid": "60cb1128-37cc-4354-a6c9-31b4d1137837", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39703", "type": "seen", "source": "https://t.me/cibsecurity/69647", "content": "\u203c CVE-2023-39703 \u203c\n\nA cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted Markdown file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-01T16:15:06.000000Z"}, {"uuid": "a0fbbae6-c4cb-43bd-bbf6-da87b9a63324", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39709", "type": "seen", "source": "https://t.me/cibsecurity/69306", "content": "\u203c CVE-2023-39709 \u203c\n\nMultiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-31T09:02:07.000000Z"}, {"uuid": "ca98fd81-4842-49b5-88a6-d8c76a5660d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39708", "type": "seen", "source": "https://t.me/cibsecurity/69299", "content": "\u203c CVE-2023-39708 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-28T18:16:43.000000Z"}, {"uuid": "51f1dfc0-0ce3-4dee-90a8-ec08528a3091", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3970", "type": "seen", "source": "https://t.me/cibsecurity/67316", "content": "\u203c CVE-2023-3970 \u203c\n\nA vulnerability, which was classified as problematic, was found in GZ Scripts Availability Booking Calendar PHP 1.0. This affects an unknown part of the file /index.php?controller=GzUser&action=edit&id=1 of the component Image Handler. The manipulation of the argument img leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235569 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-27T16:28:32.000000Z"}]}