{"vulnerability": "cve-2021-4365", "sightings": [{"uuid": "3edb81aa-7e7d-42bb-a988-038efbee9a6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43650", "type": "seen", "source": "https://t.me/cibsecurity/39382", "content": "\u203c CVE-2021-43650 \u203c\n\nWebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-22T19:27:59.000000Z"}, {"uuid": "c16b7b1c-a859-4e2f-b85b-b900e2e4a517", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43659", "type": "seen", "source": "https://t.me/cibsecurity/39491", "content": "\u203c CVE-2021-43659 \u203c\n\nIn halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-24T17:29:38.000000Z"}, {"uuid": "7fecd898-dbf2-45ae-809f-fdcf2286e59f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43657", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7135", "content": "#exploit\n1. CVE-2021-43657:\nEmployee Daily Task Management System 1.0 - XSS\nhttps://github.com/c0n5n3d/CVE-2021-43657\n2. Android hacking with Image\nhttps://github.com/pro-rat/IMAGE-RAT\n3. Client Side Path Traversal and Open Redirect\nhttps://mr-medi.github.io/research/2022/11/04/practical-client-side-path-traversal-attacks.html", "creation_timestamp": "2022-11-09T11:03:03.000000Z"}, {"uuid": "9c0d25c3-3f42-4302-9b17-cb51c9574fc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43657", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12075", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-43657\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A Stored Cross-site scripting (XSS) vulnerability via MAster.php in Sourcecodetester Simple Client Management System (SCMS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields.\n\ud83d\udccf Published: 2022-12-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-16T15:52:14.280Z\n\ud83d\udd17 References:\n1. https://github.com/c0n5n3d/CVE-2021-43657/blob/main/Info.txt", "creation_timestamp": "2025-04-16T15:55:56.000000Z"}, {"uuid": "aa99b137-d3a5-46f9-95ae-ba20d79770f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43657", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1426", "content": "https://github.com/c0n5n3d/CVE-2021-43657", "creation_timestamp": "2022-11-20T22:47:46.000000Z"}]}