{"vulnerability": "cve-2023-3115", "sightings": [{"uuid": "16d1535d-417f-433d-ab09-e706d11ca39e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31156", "type": "seen", "source": "https://t.me/cibsecurity/63844", "content": "\u203c CVE-2023-31156 \u203c\n\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T00:14:57.000000Z"}, {"uuid": "a63cc118-6342-4afb-8ce8-3929404456b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31158", "type": "seen", "source": "https://t.me/cibsecurity/63845", "content": "\u203c CVE-2023-31158 \u203c\n\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T00:14:58.000000Z"}, {"uuid": "2001abfc-842b-470a-89a4-13758b2d6dfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31155", "type": "seen", "source": "https://t.me/cibsecurity/63836", "content": "\u203c CVE-2023-31155 \u203c\n\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T00:14:43.000000Z"}, {"uuid": "754947a8-4f20-4f30-af04-84656bfe3a1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31150", "type": "seen", "source": "https://t.me/cibsecurity/63833", "content": "\u203c CVE-2023-31150 \u203c\n\nA Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords.See SEL Service Bulletin dated 2022-11-15 for more details.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T00:14:41.000000Z"}, {"uuid": "640b7bbc-0633-4db2-b48d-0757e9cbae29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3115", "type": "seen", "source": "https://t.me/cibsecurity/71270", "content": "\u203c CVE-2023-3115 \u203c\n\nAn issue has been discovered in GitLab EE affecting all versions affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-29T12:42:30.000000Z"}, {"uuid": "ae3c4a79-96ec-49ce-87e5-8553181f0fe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31154", "type": "seen", "source": "https://t.me/cibsecurity/63843", "content": "\u203c CVE-2023-31154 \u203c\n\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T00:14:56.000000Z"}, {"uuid": "5ab734bd-1a19-4fc6-8a8e-f7205db428d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31151", "type": "seen", "source": "https://t.me/cibsecurity/63851", "content": "\u203c CVE-2023-31151 \u203c\n\nAn Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interfacecould allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack.See SEL Service Bulletin dated 2022-11-15 for more details.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T00:15:04.000000Z"}, {"uuid": "502b73fb-cf19-4b48-bbc4-c10a4d135c9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31152", "type": "seen", "source": "https://t.me/cibsecurity/63838", "content": "\u203c CVE-2023-31152 \u203c\n\nAn Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. See SEL Service Bulletin dated 2022-11-15 for more details.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T00:14:48.000000Z"}, {"uuid": "58968e6b-14d9-4352-840e-2eb527fb1e14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31159", "type": "seen", "source": "https://t.me/cibsecurity/63849", "content": "\u203c CVE-2023-31159 \u203c\n\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T00:15:02.000000Z"}]}