{"vulnerability": "cve-2020-3569", "sightings": [{"uuid": "16830911-db3e-403d-94cb-8fd178596b71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-3569", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:17.000000Z"}, {"uuid": "74676984-01b7-44ce-acac-91d70ee1fcc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-3569", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "7afcb859-0517-4b15-860b-9483534eae44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-3569", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971110", "content": "", "creation_timestamp": "2024-12-24T20:24:24.454204Z"}, {"uuid": "d8cf8989-db9d-4831-af72-663db26018b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-3569", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:48.000000Z"}, {"uuid": "ecac9bcc-0f56-4cfc-8188-041936c508a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-3569", "type": "exploited", "source": "https://t.me/Yemen_Shield/514", "content": "Cisco has released security patches for two high-severity 
vulnerabilities (CVE-2020-3566 and CVE-2020-3569) affecting IOS XR software - which have been actively exploited since last month \nDetails: https://thehackernews.com/2020/09/cisco.html", "creation_timestamp": "2020-09-30T19:13:34.000000Z"}, {"uuid": "78f5433c-075e-48bd-9a1f-96464efeca86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2020-3569", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/7ca4c7ee-d77d-434a-a960-3455d59c6ede", "content": "", "creation_timestamp": "2026-02-02T12:28:40.610013Z"}, {"uuid": "1bb3e0a3-8c64-4846-938a-876da6076d6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-3569", "type": "seen", "source": "https://t.me/cKure/2395", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2020-3566 and CVE-2020-3569.\nHackers Are Attempting to Cripple Cisco Networking Kit via New #0day.\n\nhttps://news.hitb.org/content/hackers-are-attempting-cripple-cisco-networking-kit-new-0day", "creation_timestamp": "2020-09-27T13:56:54.000000Z"}, {"uuid": "559a0882-042c-4f58-ba1d-7f594ce9561b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35698", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/67260", "content": "\u203c CVE-2020-35698 \u203c\n\nThinkific Thinkific Online Course Creation Platform 1.0 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). 
The component is: Affected Source code of the website CMS which is been used by many to host their online courses using the Thinkific Platform. The attack vector is: To exploit the vulnerability any user has to just visit the link - https://hacktify.thinkific.com/account/billing?success=%E2%80%AA%3Cscript%3Ealert(1)%3C/script%3E. Thinkific is a Website based Learning Platform Product which is used by thousands of users worldwide. There is a Cross Site Scripting (XSS) based vulnerability in the code of the CMS where any attacker can execute a XSS attack. Proof of Concept & Steps to Reproduce: Step1 : Go to Google.com Step 2 : Search for this Dork site:thinkific.com -www Step 3 : You will get a list of websites which are running on the thinkific domains. Step 4 : Create account and signin in any of the website Step 5 : Add this endpoint at the end of the domain and you will see that there is a XSS Alert /account/billing?success=%E2%80%AAalert(1) Step 6 : Choose any domains from google for any website this exploit will work on all the websites as it is a code based flaw in the CMS Step 7 : Thousands of websites are vulnerable due to this vulnerable code in the CMS itself which is giving rise to the XSS attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-26T00:27:15.000000Z"}, {"uuid": "937fcd22-bd28-45d9-a97f-74c77cb2d766", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-3569", "type": "exploited", "source": "https://t.me/thehackernews/861", "content": "Cisco releases security patches for 2 high-severity vulnerabilities (CVE-2020-3566 and CVE-2020-3569) affecting IOS XR software\u2014actively being exploited in the wild at least since last month.\n\nDetails: https://thehackernews.com/2020/09/cisco.html", "creation_timestamp": "2020-09-30T18:57:37.000000Z"}, {"uuid": 
"967e3c5d-9428-46f5-b943-43ab5774e828", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35693", "type": "seen", "source": "https://t.me/cibsecurity/21294", "content": "\u203c CVE-2020-35693 \u203c\n\nOn some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is running an app that offers a connectable BLE advertisement. An example of such an app could be a Bluetooth-based contact tracing app, such as Australia's COVIDSafe app, Singapore's TraceTogether app, or France's TousAntiCovid (formerly StopCovid). As part of the pairing process, two pieces (among others) of personally identifiable information are exchanged: the Identity Address of the Bluetooth adapter of the target device, and its associated Identity Resolving Key (IRK). Either one of these identifiers can be used to perform re-identification of the target device for long term tracking. The list of affected devices includes (but is not limited to): Galaxy Note 5, Galaxy S6 Edge, Galaxy A3, Tab A (2017), J2 Pro (2018), Galaxy Note 4, and Galaxy S5.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-24T20:55:04.000000Z"}]}