{"vulnerability": "cve-2023-2983", "sightings": [{"uuid": "1895d55b-8c89-4c06-a16c-2ebe6b43327a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29837", "type": "seen", "source": "https://t.me/cibsecurity/64356", "content": "\u203c CVE-2023-29837 \u203c\n\nCross Site Scripting vulnerability found in Exelysis Unified Communication Solution (EUCS) v.1.0 allows a remote attacker to gain privileges via the URL path of the eucsAdmin login web page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-18T00:36:38.000000Z"}, {"uuid": "de7c6ad8-faa2-4ad5-925b-d03a9d47f745", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2983", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1224", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-2983\n\ud83d\udd39 Description: Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.\n\ud83d\udccf Published: 2023-05-30T00:00:00\n\ud83d\udccf Modified: 2025-01-10T20:52:19.382Z\n\ud83d\udd17 References:\n1. https://huntr.dev/bounties/6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1\n2. https://github.com/pimcore/pimcore/commit/c8f37b19c99cd82e4e558857d3e4d5476ea7228a", "creation_timestamp": "2025-01-10T21:03:48.000000Z"}, {"uuid": "0dd91c30-4892-45f9-9448-00a37084a502", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29835", "type": "seen", "source": "https://t.me/cibsecurity/62942", "content": "\u203c CVE-2023-29835 \u203c\n\nInsecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to escalate privileges via the service permission function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-27T00:25:16.000000Z"}, {"uuid": "e6e4b75b-be9b-461b-8d24-76f9de8fe5f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29839", "type": "seen", "source": "https://t.me/cibsecurity/63195", "content": "\u203c CVE-2023-29839 \u203c\n\nA Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-03T07:30:44.000000Z"}, {"uuid": "b35328e0-4a77-4395-950a-a49e867ffbe3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29836", "type": "seen", "source": "https://t.me/cibsecurity/62937", "content": "\u203c CVE-2023-29836 \u203c\n\nCross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login form.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-27T00:25:09.000000Z"}, {"uuid": "18a8200f-b614-4dd1-8217-6201ad01b9bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29838", "type": "seen", "source": "https://t.me/cibsecurity/64573", "content": "\u203c CVE-2023-29838 \u203c\n\nInsecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker toe escalate privileges via the SyncService.exe file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-23T00:25:42.000000Z"}]}