{"vulnerability": "cve-2023-3638", "sightings": [{"uuid": "5775d331-b3cf-4ada-b3ae-75d3c3296b0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36380", "type": "seen", "source": "https://t.me/cibsecurity/71904", "content": "\u203c CVE-2023-36380 \u203c\n\nA vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T22:45:46.000000Z"}, {"uuid": "5dd67f56-0f55-4bb7-964f-86de968b67c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36384", "type": "seen", "source": "https://t.me/cibsecurity/66918", "content": "\u203c CVE-2023-36384 \u203c\n\nUnauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in CodePeople Booking Calendar Contact Form plugin <=\u00a01.2.40 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-18T18:32:55.000000Z"}, {"uuid": "a5117b3a-e039-447b-a0fa-255795a4a437", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36381", "type": "seen", "source": "https://t.me/ctinow/160012", "content": "https://ift.tt/TwkM5Dy\nCVE-2023-36381", "creation_timestamp": "2023-12-28T12:26:42.000000Z"}, {"uuid": "e82c4e41-448a-47dc-a262-4cc982929a8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36388", "type": "seen", "source": "https://t.me/cibsecurity/69998", "content": "\u203c CVE-2023-36388 \u203c\n\nImproper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-06T16:17:40.000000Z"}, {"uuid": "6937b6db-b2e1-4d8e-abcf-c923ad4a705b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36381", "type": "seen", "source": "https://t.me/ctinow/170587", "content": "https://ift.tt/Fjd319P\nCVE-2023-36381 | Gesundheit Bewegt Zippy Plugin up to 1.6.5 on WordPress deserialization", "creation_timestamp": "2024-01-20T11:11:10.000000Z"}, {"uuid": "b71bdad6-a771-44b5-a32f-d53fdb4ef3aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3638", "type": "seen", "source": "https://t.me/cibsecurity/67012", "content": "\u203c CVE-2023-3638 \u203c\n\nIn GeoVision GV-ADR2701 cameras, an 
attacker could edit the login response to access the web application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-19T18:21:56.000000Z"}, {"uuid": "418eeeac-2cb1-43a7-9391-f5c203992463", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36382", "type": "seen", "source": "https://t.me/cibsecurity/69757", "content": "\u203c CVE-2023-36382 \u203c\n\nAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeffrey-WP Media Library Categories plugin <=\u00a02.0.0 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-04T14:16:10.000000Z"}, {"uuid": "1fc733cd-738a-4f52-82a2-a2f99421dee5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36383", "type": "seen", "source": "https://t.me/cibsecurity/66922", "content": "\u203c CVE-2023-36383 \u203c\n\nAuth. 
(editor+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <=\u00a03.9.5 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-18T18:33:01.000000Z"}, {"uuid": "c1768d1b-cc79-41ad-b1ec-901f6388cce1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36386", "type": "seen", "source": "https://t.me/cibsecurity/66361", "content": "\u203c CVE-2023-36386 \u203c\n\nA vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. 
The value is reflected in the response without sanitization while throwing an \u201cinvalid params element name\u201d error on the get_elements parameters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T14:29:54.000000Z"}, {"uuid": "3994e44a-b842-472d-b310-025f14c25bbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36385", "type": "seen", "source": "https://t.me/cibsecurity/67246", "content": "\u203c CVE-2023-36385 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpxpo PostX \u2013 Gutenberg Post Grid Blocks plugin <=\u00a02.9.9 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-25T18:27:01.000000Z"}, {"uuid": "1348b86f-1e7a-4dd8-8245-3ebe0bbf2863", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36389", "type": "seen", "source": "https://t.me/cibsecurity/66352", "content": "\u203c CVE-2023-36389 \u203c\n\nA vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). 
A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The malformed value is reflected directly in the response without sanitization while throwing an \u201cinvalid path\u201d error.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T14:29:43.000000Z"}]}