{"vulnerability": "cve-2023-3794", "sightings": [{"uuid": "a4aea791-1dd3-4641-9107-2ca0ed2757e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37940", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113670300799021960", "content": "", "creation_timestamp": "2024-12-17T21:32:23.055509Z"}, {"uuid": "c9497245-de45-4ea8-afa5-c89988bdffe8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37941", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "5ae84d6f-5b18-4224-833e-ef0578d8b46c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37941", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:55.000000Z"}, {"uuid": "fd089b48-39c9-4c68-ab65-a8d6451b8cad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37941", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:01.000000Z"}, {"uuid": "2c2e98e2-46de-442a-980d-fdf812208549", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37941", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/apache_superset_cookie_sig_rce.rb", "content": "", "creation_timestamp": "2023-10-12T21:34:40.000000Z"}, {"uuid": "7beff782-361e-4ef3-9210-bd2f1ced140f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37941", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwkbd7jwdi2v", "content": "", "creation_timestamp": "2025-08-16T21:02:22.128502Z"}, {"uuid": "1dc149b6-d03f-416e-b00b-ee97c5dc6cd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37941", "type": "published-proof-of-concept", "source": "Telegram/hqzcq-N-UmfLuy_GrV60Wdv72OSiDR6dOzg10bG3ca7Czg", "content": "", "creation_timestamp": "2023-09-07T13:42:21.000000Z"}, {"uuid": "be2af9bd-843e-4a0b-a42e-92faede07ce1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37940", "type": "seen", "source": "https://t.me/cvedetector/13141", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-37940 - Liferay Portal Liferay DXP Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2023-37940 \nPublished : Dec. 17, 2024, 10:15 p.m. | 43\u00a0minutes ago \nDescription : Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-18T00:18:46.000000Z"}, {"uuid": "c169fe3b-a5ae-4b3c-be7a-cdbfcfc4da41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37941", "type": "seen", "source": "https://t.me/KomunitiSiber/755", "content": "Alert: Apache SuperSet Vulnerabilities Expose Servers to Remote Code Execution Attacks\nhttps://thehackernews.com/2023/09/alert-apache-superset-vulnerabilities.html\n\nPatches have been released to address two new security vulnerabilities in Apache SuperSet that could be exploited by an attacker to gain remote code execution on affected systems.\nThe update (version 2.1.1) plugs\u00a0CVE-2023-39265\u00a0and\u00a0CVE-2023-37941, which make it possible to conduct nefarious actions once a bad actor is able to gain control of Superset\u2019s metadata database.\nOutside of these", "creation_timestamp": "2023-09-07T13:47:33.000000Z"}, {"uuid": "18739b74-e652-4b68-9144-d8e912a2bc58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37941", "type": "seen", "source": "https://t.me/thehackernews/3838", "content": "Apache SuperSet users, beware! \n \nA critical update has been released to patch two new vulnerabilities (CVE-2023-39265 & CVE-2023-37941) that could expose your servers to remote code execution attacks. \n \nFind out here: https://thehackernews.com/2023/09/alert-apache-superset-vulnerabilities.html", "creation_timestamp": "2023-09-07T13:31:34.000000Z"}, {"uuid": "0ca4c015-9f45-439d-bf38-a34a0943058a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3794", "type": "seen", "source": "https://t.me/cibsecurity/67055", "content": "\u203c CVE-2023-3794 \u203c\n\nA vulnerability classified as problematic has been found in Bug Finder ChainCity Real Estate Investment Platform 1.0. Affected is an unknown function of the file /chaincity/user/ticket/create of the component New Ticket Handler. The manipulation of the argument subject leads to cross site scripting. It is possible to launch the attack remotely. VDB-235062 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-21T00:32:57.000000Z"}, {"uuid": "ab432b01-48e1-44cc-a3d3-ba391430cf16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37942", "type": "seen", "source": "https://t.me/cibsecurity/66594", "content": "\u203c CVE-2023-37942 \u203c\n\nJenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T20:46:58.000000Z"}, {"uuid": "c3b59451-5d1a-4a41-9082-7e99c1fda800", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37948", "type": "seen", "source": "https://t.me/cibsecurity/66583", "content": "\u203c CVE-2023-37948 \u203c\n\nJenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T20:25:55.000000Z"}, {"uuid": "ac21ec42-407c-4bfa-9ea0-15d31ebf4549", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37945", "type": "seen", "source": "https://t.me/cibsecurity/66591", "content": "\u203c CVE-2023-37945 \u203c\n\nA missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T20:31:44.000000Z"}, {"uuid": "6f1eb9ce-53b7-448e-ac3a-17d16bae4a7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37941", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8984", "content": "#exploit\n1. CVE-2023-4634:\nRCE Exploit for Wordpress Media-Library Plugin < 3.10\nhttps://github.com/Patrowl/CVE-2023-4634\n\n2. CVE-2023-27524, CVE-2023-39265, CVE-2023-37941:\nApache Superset\u00a0- RCE, Credential Harvesting & More\nhttps://www.horizon3.ai/apache-superset-part-ii-rce-credential-harvesting-and-more", "creation_timestamp": "2023-09-07T11:01:26.000000Z"}]}