{"vulnerability": "cve-2023-4371", "sightings": [{"uuid": "3ae36ade-3928-4499-bb85-5b3a810849a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43710", "type": "seen", "source": "https://t.me/cibsecurity/71355", "content": "\u203c CVE-2023-43710 \u203c\n\nOs Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the \"configuration_title[1][MODULE_SHIPPING_PERCENT_TEXT_TITLE]\" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-30T07:38:32.000000Z"}, {"uuid": "951738f0-5fa8-4220-898d-9fa43c365430", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43718", "type": "seen", "source": "https://t.me/cibsecurity/71368", "content": "\u203c CVE-2023-43718 \u203c\n\nOs Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the \"MSEARCH_ENABLE_TITLE[1]\" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-01T02:39:06.000000Z"}, {"uuid": "cc726eb2-62f1-4eef-aec7-de735ced1a48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43717", "type": "seen", "source": "https://t.me/cibsecurity/71369", "content": "\u203c CVE-2023-43717 \u203c\n\nOs Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the \"MSEARCH_HIGHLIGHT_ENABLE_TITLE[1]\" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-01T02:39:07.000000Z"}, {"uuid": "507398c2-3eac-49d2-bfcd-f92716850f21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43719", "type": "seen", "source": "https://t.me/cibsecurity/71378", "content": "\u203c CVE-2023-43719 \u203c\n\nOs Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the \"SHIPPING_GENDER_TITLE[1]\" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-01T02:39:21.000000Z"}, {"uuid": "ffd7c692-3039-45e7-90a8-fd4253aaceaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43711", "type": "seen", "source": "https://t.me/cibsecurity/71343", "content": "\u203c CVE-2023-43711 \u203c\n\nOs Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the \"admin_firstname\" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-30T07:38:20.000000Z"}, {"uuid": "19fabb89-c99e-4665-a32d-3ee551570516", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4371", "type": "seen", "source": "https://t.me/cibsecurity/68538", "content": "\u203c CVE-2023-4371 \u203c\n\nA vulnerability was found in phpRecDB 1.3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument r/view leads to cross site scripting. The attack may be launched remotely. VDB-237194 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-15T18:30:34.000000Z"}]}