{"vulnerability": "cve-2020-1847", "sightings": [{"uuid": "f3a6f3c1-69db-4fa6-aa37-b88c7037d978", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1847", "type": "seen", "source": "https://t.me/cibsecurity/16293", "content": "\u203c CVE-2020-1847 \u203c\n\nThere is a denial of service vulnerability in some Huawei products. There is no protection against the attack scenario of specific protocol. A remote, unauthorized attackers can construct attack scenarios, which leads to denial of service.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R001C30,V500R001C60;USG9500 versions V500R001C30,V500R001C60.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-13T18:33:46.000000Z"}, {"uuid": "a3e87445-bea6-4cb1-ab70-09c8e0bddf75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-18476", "type": "seen", "source": "https://t.me/cibsecurity/27911", "content": "\u203c CVE-2020-18476 \u203c\n\nSQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-26T22:27:30.000000Z"}, {"uuid": "a3270f89-82e8-4ca0-bc60-36fde1263437", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-18477", "type": "seen", "source": "https://t.me/cibsecurity/27912", "content": "\u203c CVE-2020-18477 \u203c\n\nSQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-26T22:27:32.000000Z"}, {"uuid": "c6c44365-81a6-4ad8-8870-0d97f8b9029c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-18470", "type": "seen", "source": "https://t.me/cibsecurity/27921", "content": "\u203c CVE-2020-18470 \u203c\n\nStored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to rukovoditel_2.4.1/install/index.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-26T22:27:49.000000Z"}, {"uuid": "4910ea4d-61f8-432a-8ecc-c6c8b49351cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-18475", "type": "seen", "source": "https://t.me/cibsecurity/27923", "content": "\u203c CVE-2020-18475 \u203c\n\nCross Site Scripting (XSS) vulnerabilty exists in Hucart CMS 5.7.4 is via the mes_title field. The first user inserts a malicious script into the header field of the outbox and sends it to other users. When other users open the email, the malicious code will be executed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-26T22:27:53.000000Z"}]}