{"vulnerability": "cve-2021-4333", "sightings": [{"uuid": "92e56ff2-e3fd-45db-9fba-1f86710da24c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43331", "type": "seen", "source": "https://t.me/cibsecurity/32351", "content": "\u203c CVE-2021-43331 \u203c\n\nIn GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-13T00:39:41.000000Z"}, {"uuid": "149b3371-021d-441f-9b5f-306aa6465717", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4333", "type": "seen", "source": "https://t.me/cibsecurity/59579", "content": "\u203c CVE-2021-4333 \u203c\n\nThe WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-07T18:19:42.000000Z"}, {"uuid": "27749a68-344a-48e2-a98b-ad8997482dee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43334", "type": "seen", "source": "https://t.me/cibsecurity/36317", "content": "\u203c CVE-2021-43334 \u203c\n\nBuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Group Description field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-26T18:19:45.000000Z"}, {"uuid": "7d1acd4e-c2c0-45b2-9a14-88afc10825d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43333", "type": "seen", "source": "https://t.me/cibsecurity/34816", "content": "\u203c CVE-2021-43333 \u203c\n\nThe Datalogic DXU service on (for example) DL-Axist devices does not require authentication for configuration changes or disclosure of configuration settings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-01T12:36:08.000000Z"}, {"uuid": "48e430af-305a-44c1-ad6d-8be11900afde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43336", "type": "seen", "source": "https://t.me/cibsecurity/32390", "content": "\u203c CVE-2021-43336 \u203c\n\nAn Out-of-Bounds Write vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-15T00:11:44.000000Z"}, {"uuid": "0f88702f-8d5b-47e1-b2aa-50076fa1ebcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43339", "type": "seen", "source": "https://t.me/cibsecurity/31787", "content": "\u203c CVE-2021-43339 \u203c\n\nIn Ericsson Network Location MPS GMPC21, it is possible to inject commands via file_name in the export functionality.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-03T23:23:41.000000Z"}, {"uuid": "096c8b2c-092d-4192-9577-c9ef904fae91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43338", "type": "seen", "source": "https://t.me/cibsecurity/31776", "content": "\u203c CVE-2021-43338 \u203c\n\nIn Ericsson Network Location MPS GMPC21, it is possible to creates a new admin user with a SQL Query for file_name in the export functionality.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-03T23:23:26.000000Z"}]}