{"vulnerability": "CVE-2024-2438", "sightings": [{"uuid": "eb47e1fc-13c8-4440-b14a-13e99b6890c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24389", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9228", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-24389\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter.\n\ud83d\udccf Published: 2024-03-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-27T21:02:47.978Z\n\ud83d\udd17 References:\n1. https://j11zuc9f0h2.feishu.cn/docx/TXRmdIcH3ocn1WxuEQBcNPpjnLe", "creation_timestamp": "2025-03-27T21:27:56.000000Z"}, {"uuid": "3438597d-3c9b-4ad2-963d-5840b9086009", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24386", "type": "published-proof-of-concept", "source": "Telegram/vOnFw-tbLHXYYB-E0PtL8udwSbsTwJfbnnja3d_osVpsMw", "content": "", "creation_timestamp": "2024-02-16T04:14:29.000000Z"}, {"uuid": "c1d1b1ac-72e7-44e8-8d1f-8956ff32f565", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24386", "type": "published-proof-of-concept", "source": "https://t.me/Teamx1945x/6860", "content": "https://github.com/erick-duarte/CVE-2024-24386\n\nVitalPBX - CVE-2024-24386\n#github #exploit #poc", "creation_timestamp": "2024-06-08T00:13:08.000000Z"}, {"uuid": "5ad44429-679e-4126-897c-09cb7afc8952", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2438", 
"type": "seen", "source": "https://t.me/ctinow/207610", "content": "https://ift.tt/Ll6wrYd\nCVE-2024-2438", "creation_timestamp": "2024-03-14T10:27:12.000000Z"}, {"uuid": "34e16ac5-ef2d-4e49-8177-ec6ab9a97d2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24389", "type": "seen", "source": "https://t.me/ctinow/202028", "content": "https://ift.tt/3rqMd1v\nCVE-2024-24389", "creation_timestamp": "2024-03-07T03:32:11.000000Z"}, {"uuid": "253de69b-9262-4d02-9581-353f8912ba73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24389", "type": "seen", "source": "https://t.me/ctinow/202024", "content": "https://ift.tt/3rqMd1v\nCVE-2024-24389", "creation_timestamp": "2024-03-07T03:26:40.000000Z"}, {"uuid": "f2b3e913-6d3c-435c-a6a7-8cb07ab46dd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2438", "type": "seen", "source": "https://t.me/ctinow/207603", "content": "https://ift.tt/Ll6wrYd\nCVE-2024-2438", "creation_timestamp": "2024-03-14T10:27:00.000000Z"}, {"uuid": "44a8a253-890a-4cb3-84d8-b821eedbfc82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24386", "type": "seen", "source": "https://t.me/ctinow/185362", "content": "https://ift.tt/AB1vXqz\nCVE-2024-24386", "creation_timestamp": "2024-02-15T09:26:47.000000Z"}, {"uuid": "e56ab00d-f67a-4844-ba62-4c69007dd9d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24388", "type": "seen", "source": "https://t.me/ctinow/192787", "content": "https://ift.tt/zP5HiYd\nCVE-2024-24388 | XunRuiCMS up to 4.6.2 Background Login cross site 
scripting", "creation_timestamp": "2024-02-25T09:11:31.000000Z"}, {"uuid": "6311ed52-9374-4f60-b945-d61c34835f43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24386", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1986", "content": "https://github.com/erick-duarte/CVE-2024-24386\n\nVitalPBX - CVE-2024-24386\n#github #exploit #poc", "creation_timestamp": "2024-02-16T04:19:21.000000Z"}, {"uuid": "c006ecc9-58a4-408e-b8d4-7d82f21d2e91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24388", "type": "seen", "source": "https://t.me/ctinow/178035", "content": "https://ift.tt/LRBpClQ\nCVE-2024-24388", "creation_timestamp": "2024-02-02T11:31:53.000000Z"}, {"uuid": "3ae817e8-74c7-41c5-9159-1fefe31da59b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24388", "type": "seen", "source": "https://t.me/ctinow/181686", "content": "https://ift.tt/zGwUVrv\nCVE-2024-24388 Exploit", "creation_timestamp": "2024-02-08T23:16:46.000000Z"}, {"uuid": "0c7899b8-3e62-41d6-a448-2fd566c0fe6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24386", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9977", "content": "#exploit\n1. CVE-2024-23749:\nCommand Injection in KiTTY Get Remote File Through SCP Input\nhttps://blog.defcesco.io/CVE-2024-23749\n\n2. CVE-2024-23724:\nGhost CMS Stored XSS Leading to Owner Takeover\nhttps://rhinosecuritylabs.com/research/cve-2024-23724-ghost-cms-stored-xss\n]-> https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724\n\n3. 
CVE-2024-24386:\nVitalPBX <3.2.5 - Command Injection\nhttps://github.com/erick-duarte/CVE-2024-24386", "creation_timestamp": "2024-02-23T06:29:10.000000Z"}]}