{"vulnerability": "CVE-2024-1320", "sightings": [{"uuid": "3f4be646-2039-4808-98fb-54f8b434b895", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13202", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113795995107554875", "content": "", "creation_timestamp": "2025-01-09T02:18:06.114309Z"}, {"uuid": "62350e8b-6d42-40d6-95d7-d7d8c5328d83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13200", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113795995079379830", "content": "", "creation_timestamp": "2025-01-09T02:18:06.270890Z"}, {"uuid": "9b675db3-1655-4bcc-a625-503cb6a33f63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13201", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113795995093581480", "content": "", "creation_timestamp": "2025-01-09T02:18:06.360225Z"}, {"uuid": "3fc544b9-1249-44f4-87eb-4ba7d96d7701", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13203", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113795995121279689", "content": "", "creation_timestamp": "2025-01-09T02:18:07.322342Z"}, {"uuid": "7f6b5d33-c9f1-4c8d-a005-b744b9e0145e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13204", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113796054122582855", "content": "", "creation_timestamp": "2025-01-09T02:33:06.487620Z"}, {"uuid": "07937dc5-aca7-4afa-b4d3-5995e4b45105", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13205", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113796152684603958", "content": "", "creation_timestamp": "2025-01-09T02:58:10.675557Z"}, {"uuid": "163c3daa-10aa-4dd6-98b2-0b25630413b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13200", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfbpmhwosg2k", "content": "", "creation_timestamp": "2025-01-09T03:15:46.341250Z"}, {"uuid": "e2d9c0da-749f-4c9d-9459-3ef651c6ec06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13201", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfbpmkz3zq22", "content": "", "creation_timestamp": "2025-01-09T03:15:49.456034Z"}, {"uuid": "5a61b6cd-2ee1-4e6b-8604-ef072c30ad9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13202", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfbpmnbq5l2d", "content": "", "creation_timestamp": "2025-01-09T03:15:51.861263Z"}, {"uuid": "edb7f510-5df0-42f9-bee4-8cdefd1b067f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13203", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfbpmprx4w2l", "content": "", "creation_timestamp": "2025-01-09T03:15:54.482174Z"}, {"uuid": "10dd8680-4df3-4ce2-a4ef-a4a687068c36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13204", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfbpms6l5d2f", "content": "", "creation_timestamp": "2025-01-09T03:15:57.049313Z"}, {"uuid": "4ca48e63-5d18-4aee-82e9-b1a5d8756933", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13205", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfbpmukoe42a", "content": "", "creation_timestamp": "2025-01-09T03:15:59.718757Z"}, {"uuid": "867773d1-caf6-449d-8f20-a30ee08a57f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13206", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113796243048510811", "content": "", "creation_timestamp": "2025-01-09T03:21:09.380523Z"}, {"uuid": "08191fc6-4ddc-497f-a0db-ddfa3eecfd76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13209", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113796243062953907", "content": "", "creation_timestamp": "2025-01-09T03:21:09.643393Z"}, {"uuid": "241b51d3-1fe4-455e-ac4f-96eabd84bb3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13202", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfbqvjola52k", "content": "", "creation_timestamp": "2025-01-09T03:38:44.046855Z"}, {"uuid": "b2c5c001-d5d9-4276-9676-16413e1825bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13205", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfbqvjy7hu2q", "content": "", "creation_timestamp": "2025-01-09T03:38:44.646318Z"}, {"uuid": "5a8f0115-b06a-4fb9-95be-4ee742435b2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13200", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfbqvk5y5y25", "content": "", "creation_timestamp": "2025-01-09T03:38:45.188103Z"}, {"uuid": "4be36f5a-8e4f-4c55-9a67-e7752b16ebcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13201", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfbqvkbhfk2g", "content": "", "creation_timestamp": "2025-01-09T03:38:45.688591Z"}, {"uuid": "74cd1a86-5f57-4d16-ad4d-3105cc94d927", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13204", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfbqvkhh4v2k", "content": "", "creation_timestamp": "2025-01-09T03:38:46.353182Z"}, {"uuid": "36830377-380d-4885-bd54-f238f3271b2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13203", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfbqvkn4lg2k", "content": "", "creation_timestamp": "2025-01-09T03:38:47.020844Z"}, {"uuid": "2175e383-01c3-4701-875c-122e08517037", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13206", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfbsxeknhc2a", "content": "", "creation_timestamp": "2025-01-09T04:15:33.330509Z"}, {"uuid": "a267f405-04de-47be-a035-b5185e278e9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13209", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfbsxhbets2a", "content": "", "creation_timestamp": "2025-01-09T04:15:35.876044Z"}, {"uuid": "e356403f-50f8-4906-9432-3ae49676bb1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13209", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfbuaw7fbg2b", "content": "", "creation_timestamp": "2025-01-09T04:38:47.569347Z"}, {"uuid": "e0e5e798-5cd0-464c-a16a-51eb6196cc53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13205", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/874", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13205\n\ud83d\udd39 Description: A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/create_product.php of the component Create Product Page. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-01-09T02:31:04.629Z\n\ud83d\udccf Modified: 2025-01-09T02:31:04.629Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.290798\n2. https://vuldb.com/?ctiid.290798\n3. https://vuldb.com/?submit.471233\n4. https://www.websecurityinsights.my.id/2024/12/ecommerce-php-by-kurniaramadhan-sql.html?m=1", "creation_timestamp": "2025-01-09T03:12:54.000000Z"}, {"uuid": "7ca5b835-99ae-4b74-b52f-e19c3ed9ad04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13200", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/879", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13200\n\ud83d\udd39 Description: A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-01-09T01:00:14.956Z\n\ud83d\udccf Modified: 2025-01-09T01:00:14.956Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.290793\n2. https://vuldb.com/?ctiid.290793\n3. https://vuldb.com/?submit.470902\n4. https://github.com/wander-chu/SpringBoot-Blog/issues/4\n5. https://github.com/wander-chu/SpringBoot-Blog/issues/4#issue-2761636207", "creation_timestamp": "2025-01-09T03:13:16.000000Z"}, {"uuid": "8701587f-7e0f-482a-9143-c575f60d23e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13203", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/876", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13203\n\ud83d\udd39 Description: A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-01-09T02:00:15.952Z\n\ud83d\udccf Modified: 2025-01-09T02:00:15.952Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.290796\n2. https://vuldb.com/?ctiid.290796\n3. https://www.websecurityinsights.my.id/2024/12/ecommerce-php-by-kurniaramadhan-sql.html?m=1", "creation_timestamp": "2025-01-09T03:13:02.000000Z"}, {"uuid": "ac84b9d7-be85-4d12-9663-1788ad5d1ffc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13204", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/875", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13204\n\ud83d\udd39 Description: A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /blog-details.php. The manipulation of the argument blog_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-01-09T02:00:17.765Z\n\ud83d\udccf Modified: 2025-01-09T02:00:17.765Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.290797\n2. https://vuldb.com/?ctiid.290797\n3. https://www.websecurityinsights.my.id/2024/12/ecommerce-php-by-kurniaramadhan-sql.html?m=1", "creation_timestamp": "2025-01-09T03:12:59.000000Z"}, {"uuid": "5d6026de-fdb7-4538-9c07-6e94795f12c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13202", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/877", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13202\n\ud83d\udd39 Description: A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic. This issue affects the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admin/PageController.java of the component Blog Article Handler. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-01-09T01:31:06.386Z\n\ud83d\udccf Modified: 2025-01-09T01:31:06.386Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.290795\n2. https://vuldb.com/?ctiid.290795\n3. https://vuldb.com/?submit.470914\n4. https://github.com/wander-chu/SpringBoot-Blog/issues/7\n5. https://github.com/wander-chu/SpringBoot-Blog/issues/7#issue-2761643235", "creation_timestamp": "2025-01-09T03:13:06.000000Z"}, {"uuid": "30f81df0-d0a1-4907-8319-0db62ba413e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13208", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4534", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13208\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Maps Plugin using Google Maps for WordPress  WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-02-15T06:30:51Z\n\ud83d\udccf Modified: 2025-02-15T06:30:51Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13208\n2. https://wpscan.com/vulnerability/f86d4f64-208f-407f-8d2c-a89b5e0ac777", "creation_timestamp": "2025-02-15T07:11:13.000000Z"}, {"uuid": "553416d6-d010-424f-8fb9-5daf34d92dd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13208", "type": "seen", "source": "https://t.me/cvedetector/18160", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13208 - Google Maps for WordPress Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13208 \nPublished : Feb. 15, 2025, 6:15 a.m. | 1\u00a0hour, 2\u00a0minutes ago \nDescription : The Maps Plugin using Google Maps for WordPress  WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-15T08:30:32.000000Z"}, {"uuid": "5d67a270-e8d8-4b49-8378-d0296fe6cbb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1320", "type": "seen", "source": "https://t.me/ctinow/203815", "content": "https://ift.tt/vyWcRHQ\nCVE-2024-1320", "creation_timestamp": "2024-03-09T08:26:44.000000Z"}, {"uuid": "8c5b2382-ed26-4639-a6f8-813498ee2018", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13208", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114006395679188174", "content": "", "creation_timestamp": "2025-02-15T06:05:43.852003Z"}, {"uuid": "66b19f0e-a3ac-477d-8253-c3dd657ef45e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13208", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li72wrpebe2o", "content": "", "creation_timestamp": "2025-02-15T06:15:59.040318Z"}, {"uuid": "362802da-7175-4a3b-ae5c-97db80b5654b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13208", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li7eegsmwb2a", "content": "", "creation_timestamp": "2025-02-15T09:04:41.094613Z"}, {"uuid": "8e495aec-94ba-42db-88e8-174142724556", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13207", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmtofrv2ux2a", "content": "", "creation_timestamp": "2025-04-15T08:38:24.761490Z"}, {"uuid": "fa69b81b-06c2-416c-86f9-7262595c4544", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13201", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/878", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13201\n\ud83d\udd39 Description: A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. This vulnerability affects the function upload of the file src/main/java/com/my/blog/website/controller/admin/AttachtController.java of the component Admin Attachment Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-01-09T01:31:04.761Z\n\ud83d\udccf Modified: 2025-01-09T01:31:04.761Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.290794\n2. https://vuldb.com/?ctiid.290794\n3. https://vuldb.com/?submit.470910\n4. https://github.com/wander-chu/SpringBoot-Blog/issues/6\n5. https://github.com/wander-chu/SpringBoot-Blog/issues/6#issue-2761640788", "creation_timestamp": "2025-01-09T03:13:12.000000Z"}, {"uuid": "845cc08c-a591-492a-9c90-0df82b60cbb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13206", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/963", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13206\n\ud83d\udd39 Description: A vulnerability classified as critical has been found in REVE Antivirus 1.0.0.0 on Linux. This affects an unknown part of the file /usr/local/reveantivirus/tmp/reveinstall. The manipulation leads to incorrect default permissions. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-01-09T03:00:09.484Z\n\ud83d\udccf Modified: 2025-01-09T15:58:14.785Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.290799\n2. https://vuldb.com/?ctiid.290799\n3. https://vuldb.com/?submit.471160\n4. https://github.com/hawkteam404/RnD_Public/blob/main/reve_av_multiple_vuln.md", "creation_timestamp": "2025-01-09T16:16:08.000000Z"}, {"uuid": "69e134ee-69d2-4c60-8e28-fd9b0e8c4ae4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13209", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/964", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13209\n\ud83d\udd39 Description: A vulnerability was found in Redaxo CMS 5.18.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?page=structure&category_id=1&article_id=1&clang=1&function=edit_art&artstart=0 of the component Structure Management Page. The manipulation of the argument Article Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-01-09T03:00:15.362Z\n\ud83d\udccf Modified: 2025-01-09T15:50:00.953Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.290814\n2. https://vuldb.com/?ctiid.290814\n3. https://vuldb.com/?submit.466396\n4. https://geochen.medium.com/redaxo-cms-5-18-1-cross-site-scripting-7c9a872c72f6", "creation_timestamp": "2025-01-09T16:17:20.000000Z"}, {"uuid": "3617476e-8c35-43a7-841c-1c7c4aedfd8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13207", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11773", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13207\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Widget for Social Page Feeds WordPress plugin before 6.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-04-15T06:00:06.042Z\n\ud83d\udccf Modified: 2025-04-15T06:00:06.042Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/c3e27fa2-b6dd-48eb-83ec-99dc034eff38/", "creation_timestamp": "2025-04-15T06:54:48.000000Z"}, {"uuid": "5168f822-349b-441d-8814-fb4e6e52de26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13207", "type": "seen", "source": "https://t.me/cvedetector/22925", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13207 - \"Widget for Social Page Feeds WordPress Stored Cross-Site Scripting\"\", \n  \"Content\": \"CVE ID : CVE-2024-13207 \nPublished : April 15, 2025, 6:15 a.m. | 42\u00a0minutes ago \nDescription : The Widget for Social Page Feeds WordPress plugin before 6.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T09:04:49.000000Z"}, {"uuid": "dee9f433-e0e1-461d-ae3a-9222cdf76dac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13206", "type": "seen", "source": "https://t.me/cvedetector/14777", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13206 - REVE Antivirus Local File Permission Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13206 \nPublished : Jan. 9, 2025, 4:15 a.m. | 38\u00a0minutes ago \nDescription : A vulnerability classified as critical has been found in REVE Antivirus 1.0.0.0 on Linux. This affects an unknown part of the file /usr/local/reveantivirus/tmp/reveinstall. The manipulation leads to incorrect default permissions. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T06:02:48.000000Z"}, {"uuid": "0a4f867f-c9d2-4eb3-b574-b6df043b5bc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13209", "type": "seen", "source": "https://t.me/cvedetector/14775", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13209 - Redaxo CMS Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13209 \nPublished : Jan. 9, 2025, 4:15 a.m. | 38\u00a0minutes ago \nDescription : A vulnerability was found in Redaxo CMS 5.18.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?page=structure&category_id=1&article_id=1&clang=1&function=edit_art&artstart=0 of the component Structure Management Page. The manipulation of the argument Article Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 2.4 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T06:02:47.000000Z"}, {"uuid": "1c2c7060-dda0-4914-8bd7-29f352a7b96d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13200", "type": "seen", "source": "https://t.me/cvedetector/14768", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13200 - Wander-Chu SpringBoot-Blog Remote Improper Access Control Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13200 \nPublished : Jan. 9, 2025, 3:15 a.m. | 38\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T05:12:35.000000Z"}, {"uuid": "46924856-8a04-4dfc-857f-0a551fb25486", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13205", "type": "seen", "source": "https://t.me/cvedetector/14767", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13205 - Kurniaramadhan E-Commerce-PHP SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13205 \nPublished : Jan. 9, 2025, 3:15 a.m. | 38\u00a0minutes ago \nDescription : A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/create_product.php of the component Create Product Page. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T05:12:31.000000Z"}, {"uuid": "b6d598b3-a74b-444f-8c55-f2cf2bdeec9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13203", "type": "seen", "source": "https://t.me/cvedetector/14766", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13203 - \"Kurniaramadhan E-Commerce-PHP CSRF\"\", \n  \"Content\": \"CVE ID : CVE-2024-13203 \nPublished : Jan. 9, 2025, 3:15 a.m. | 38\u00a0minutes ago \nDescription : A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T05:12:31.000000Z"}, {"uuid": "3f444e8e-701d-45e3-828e-d7630ceb7854", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13202", "type": "seen", "source": "https://t.me/cvedetector/14765", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13202 - Wander-Chu SpringBoot-Blog Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13202 \nPublished : Jan. 9, 2025, 3:15 a.m. | 38\u00a0minutes ago \nDescription : A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic. This issue affects the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admin/PageController.java of the component Blog Article Handler. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 2.4 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T05:12:30.000000Z"}, {"uuid": "3693e33f-9f15-4bc5-9b76-75ab3361bff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13204", "type": "seen", "source": "https://t.me/cvedetector/14764", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13204 - Kurniaramadhan E-Commerce-PHP SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13204 \nPublished : Jan. 9, 2025, 3:15 a.m. | 38\u00a0minutes ago \nDescription : A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /blog-details.php. The manipulation of the argument blog_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T05:12:29.000000Z"}, {"uuid": "c8f3d1fb-b65c-4f25-92c0-047343d067b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13201", "type": "seen", "source": "https://t.me/cvedetector/14763", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13201 - \"Wander-Chu SpringBoot-Blog Unrestricted File Upload Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13201 \nPublished : Jan. 9, 2025, 3:15 a.m. | 38\u00a0minutes ago \nDescription : A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. This vulnerability affects the function upload of the file src/main/java/com/my/blog/website/controller/admin/AttachtController.java of the component Admin Attachment Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 4.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T05:12:29.000000Z"}, {"uuid": "51928a10-eef7-4918-b9aa-25220a1d0be5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13208", "type": "seen", "source": "Telegram/esHqqm9H7E4FP6iznoRr92zAfx-gmowpFWlmngdX1K5DrOAG", "content": "", "creation_timestamp": "2025-02-15T23:50:18.000000Z"}, {"uuid": "cd367859-cef6-4935-a467-7c6ccfec01c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1320", "type": "seen", "source": "https://t.me/ctinow/203821", "content": "https://ift.tt/vyWcRHQ\nCVE-2024-1320", "creation_timestamp": "2024-03-09T08:26:53.000000Z"}, {"uuid": "af795048-8b51-4c87-9fc1-9590e0fb230d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-13209", "type": "published-proof-of-concept", "source": "https://github.com/redaxo/core/security/advisories/GHSA-7wj8-856p-qc9m", "content": "", "creation_timestamp": "2025-02-10T13:49:06.000000Z"}]}