{"vulnerability": "cve-2023-4944", "sightings": [{"uuid": "323f0dbd-779f-44a4-acad-b2a24c3204fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49441", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-06", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}, {"uuid": "25487bc9-800d-4577-b462-951102a77c4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49440", "type": "seen", "source": "https://sploitus.com/exploit?id=6AA58F64-E2CD-5A58-9160-97C5E867E3AE", "content": "", "creation_timestamp": "2025-10-26T12:18:24.000000Z"}, {"uuid": "614e302a-77c4-4aa6-8a51-838c2ed74936", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49440", "type": "published-proof-of-concept", "source": "Telegram/EzFsAEZNgBHevEAPIpyCCdf1yrg0WJnD-EY6fO1yeOWnVs8", "content": "", "creation_timestamp": "2025-11-05T03:00:12.000000Z"}, {"uuid": "bdedc12f-8c28-415a-bbdf-df7b0e9fe894", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49440", "type": "seen", "source": "https://sploitus.com/exploit?id=C7C0DDE9-8FEB-5312-810B-CFF43435F08F", "content": "", "creation_timestamp": "2025-11-04T23:15:52.000000Z"}, {"uuid": "3e50ef59-9f5e-4cdc-9281-6d8ca74fe4c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4944", "type": "seen", "source": "https://t.me/cibsecurity/70426", "content": "\u203c CVE-2023-4944 \u203c\n\nThe Awesome Weather Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'awesome-weather' shortcode in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-14T07:24:11.000000Z"}, {"uuid": "a11d73d0-16b4-41ff-92e6-ad427e65b061", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49440", "type": "published-proof-of-concept", "source": "Telegram/I0OcoAq1rQJgFJRmLN5MBv1R1td-5UFWILJCiprcSGj4Ab4", "content": "", "creation_timestamp": "2025-10-26T15:00:13.000000Z"}, {"uuid": "17c2d18f-79e6-491e-b49a-d1c9fddabc4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49442", "type": "seen", "source": "https://t.me/cibsecurity/74344", "content": "\u203c\ufe0fCVE-2023-49442\u203c\ufe0f\n\nDeserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request.\n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2024-01-04T01:37:53.000000Z"}, {"uuid": "6ed4fa68-6957-4111-8a98-256e9165481b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49442", "type": "seen", "source": "https://t.me/arpsyndicate/2483", "content": "#ExploitObserverAlert\n\nCVE-2023-49442\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-49442. Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request.", "creation_timestamp": "2024-01-05T14:37:15.000000Z"}, {"uuid": "477a936c-a715-4640-8039-fc8746a6efdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49447", "type": "seen", "source": "https://t.me/arpsyndicate/2334", "content": "#ExploitObserverAlert\n\nCVE-2023-49447\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-49447. JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.\n\nFIRST-EPSS: 0.000580000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2024-01-03T17:38:34.000000Z"}, {"uuid": "0e87b36b-5de7-464f-96a3-82a4504b0253", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49443", "type": "seen", "source": "https://t.me/ctinow/161091", "content": "https://ift.tt/gi3c1uF\nCVE-2023-49443 | DoraCMS 2.1.8 Verification excessive authentication", "creation_timestamp": "2023-12-31T14:41:17.000000Z"}, {"uuid": "6917c6d3-35cf-4b75-ab05-83dda5e669d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49442", "type": "seen", "source": "https://t.me/ctinow/172374", "content": "https://ift.tt/hXLqCec\nCVE-2023-49442 | JEECG up to 4.0 HTTP POST Request jeecgFormDemoController deserialization", "creation_timestamp": "2024-01-23T23:02:24.000000Z"}, {"uuid": "f97514d2-9544-46bb-81c1-5e2e5f80ed70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49444", "type": "seen", "source": "https://t.me/ctinow/161111", "content": "https://ift.tt/RmuVE4s\nCVE-2023-49444 | DoraCMS 2.1.8 User Avatar unrestricted upload", "creation_timestamp": "2023-12-31T15:16:45.000000Z"}, {"uuid": "33658e57-e417-4fb3-a51a-bd89e8da1c23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49446", "type": "seen", "source": "https://t.me/ctinow/159028", "content": "https://ift.tt/eQ3RPAE\nCVE-2023-49446 | JFinalCMS 5.0.0 /admin/nav/save cross-site request forgery", "creation_timestamp": "2023-12-24T14:31:42.000000Z"}, {"uuid": "14f2affb-12cf-44e8-8bb5-8f7c07e4e917", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49447", "type": "seen", "source": "https://t.me/ctinow/159027", "content": "https://ift.tt/kdDvEz6\nCVE-2023-49447 | JFinalCMS 5.0.0 /admin/nav/update cross-site request forgery", "creation_timestamp": "2023-12-24T14:31:41.000000Z"}, {"uuid": "4ca9da80-a360-4240-9df9-40fc562367dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49448", "type": "seen", "source": "https://t.me/ctinow/159026", "content": "https://ift.tt/0FKjkeZ\nCVE-2023-49448 | JFinalCMS 5.0.0 admin/nav/delete cross-site request forgery", "creation_timestamp": "2023-12-24T14:31:40.000000Z"}, {"uuid": "ab8333c7-44b1-4792-a727-b317935189c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49442", "type": "seen", "source": "https://t.me/ctinow/162618", "content": "https://ift.tt/Ub8Gmzr\nCVE-2023-49442", "creation_timestamp": "2024-01-03T22:27:02.000000Z"}]}