{"vulnerability": "cve-2023-3875", "sightings": [{"uuid": "63e1f4ea-7000-4db2-b95d-6b37e3d36a0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38750", "type": "exploited", "source": "https://t.me/ctinow/126799", "content": "https://ift.tt/GYJTdg9\nZimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS", "creation_timestamp": "2023-07-28T00:16:56.000000Z"}, {"uuid": "2b7942e4-a1ba-4897-b2d4-dcb9afe5b2f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38750", "type": "exploited", "source": "https://t.me/true_secator/4670", "content": "\u0421\u043f\u0443\u0441\u0442\u044f \u0434\u0432\u0435 \u043d\u0435\u0434\u0435\u043b\u0438 \u043f\u043e\u0441\u043b\u0435 \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f Zimbra \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f 0-day, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u0432 XSS-\u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b Collaboration Suite (ZCS).\n\n\u0412 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2023-38750 \u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 XSS-\u043e\u0448\u0438\u0431\u043a\u0443, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u0443\u044e \u041a\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u043c \u041b\u0435\u0441\u0438\u043d\u0435\u043c \u0438\u0437 Google Threat Analysis Group.\n\n\u041f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e Zimbra \u043d\u0435 \u0441\u0442\u0430\u043b\u0430 \u0441\u043e\u043e\u0431\u0449\u0430\u0442\u044c \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0431\u0430\u0433\u0438 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435, \u0432\u043c\u0435\u0441\u0442\u043e \u043d\u0435\u0435 \u044d\u0442\u043e \u0441\u0434\u0435\u043b\u0430\u043b\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u0442\u0435\u043b\u0438 Google TAG. \u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043b\u0438\u0448\u044c \u043f\u0440\u0438\u0437\u0432\u0430\u043b \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0435\u0435 \u0432\u0440\u0443\u0447\u043d\u0443\u044e.\n\n\u0422\u0435\u043f\u0435\u0440\u044c \u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 ZCS 10.0.2 \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c CVE-2023-38750, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0433\u043b\u0430 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044e \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 JSP \u0438 XML.\n\n\u041f\u043e\u043c\u0438\u043c\u043e CVE-2023-38750 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0438 \u0434\u0440\u0443\u0433\u0443\u044e CVE-2023-0464, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0446\u0435\u043f\u043e\u0447\u0435\u043a \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432 X.509, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 \u0432 OpenSSL.\n\n\u0414\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e\u0431 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u0445 \u041f\u041e \u043c\u043e\u0436\u043d\u043e \u043d\u0430\u0439\u0442\u0438 \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435\u00a0\u0446\u0435\u043d\u0442\u0440\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Zimbra.", "creation_timestamp": "2023-07-28T16:05:05.000000Z"}, {"uuid": "3922995b-5d5b-4069-8a99-0dd9cb0c0a01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38759", "type": "seen", "source": "https://t.me/cibsecurity/68007", "content": "\u203c CVE-2023-38759 \u203c\n\nCross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T20:14:20.000000Z"}, {"uuid": "ae8e1a7f-c5c9-4ae5-aebb-fd0f1618e71a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3875", "type": "seen", "source": "https://t.me/cibsecurity/67207", "content": "\u203c CVE-2023-3875 \u203c\n\nA vulnerability has been found in Campcodes Beauty Salon Management System 0.1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/del_feedback.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235237 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-25T10:12:58.000000Z"}, {"uuid": "67cd22d2-85be-4981-ab53-2c3fe7d0112e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38758", "type": "seen", "source": "https://t.me/cibsecurity/68014", "content": "\u203c CVE-2023-38758 \u203c\n\nCross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T20:14:27.000000Z"}, {"uuid": "7415cec2-a572-4754-aeef-7d7399873b30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38750", "type": "seen", "source": "https://t.me/cibsecurity/67485", "content": "\u203c CVE-2023-38750 \u203c\n\nIn Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-31T20:37:58.000000Z"}]}