{"vulnerability": "CVE-2023-4957", "sightings": [{"uuid": "55e11389-b53e-4c5c-8a45-a599996f66e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49572", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17109", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-49572\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise\u00a010.4.18 version, that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.\n\ud83d\udccf Published: 2024-05-24T12:39:32.532Z\n\ud83d\udccf Modified: 2025-05-21T11:25:06.488Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-vx-search-enterprise", "creation_timestamp": "2025-05-21T11:47:32.000000Z"}, {"uuid": "9f77bc85-6bb4-48d5-b38d-6bc55d78f9e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49570", "type": "seen", "source": "https://t.me/cvedetector/8310", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-49570 - \"Bitdefender Total Security HTTPS Certificate Trust Vulnerability (Certificate Authority Misissuance)\"\", \n  \"Content\": \"CVE ID : CVE-2023-49570 \nPublished : Oct. 18, 2024, 9:15 a.m. | 29\u00a0minutes ago \nDescription : A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the \"Basic Constraints\" extension in the certificate indicates that it is meant to be an \"End Entity\u201d. This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-18T11:54:11.000000Z"}, {"uuid": "d659af0e-e3cd-4f88-bd13-59923604c9b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49575", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17108", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-49575\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in\u00a0Sync Breeze Enterprise Server 10.4.18 version, and in\u00a0Disk Pulse Enterprise\u00a010.4.18 version, that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.\n\ud83d\udccf Published: 2024-05-24T12:40:24.398Z\n\ud83d\udccf Modified: 2025-05-21T11:26:56.297Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-vx-search-enterprise", "creation_timestamp": "2025-05-21T11:47:22.000000Z"}, {"uuid": "7818c146-62f6-43e9-b06a-e21004656838", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4957", "type": "seen", "source": "https://t.me/cibsecurity/72106", "content": "\u203c CVE-2023-4957 \u203c\n\nA vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printers protected mode must be disabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-11T18:23:58.000000Z"}]}