{"vulnerability": "cve-2024-4839", "sightings": [{"uuid": "14b8d083-0f4b-44fe-9898-ae2b859d6061", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-48392", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lgebayyrpe24", "content": "", "creation_timestamp": "2025-01-22T21:02:00.360690Z"}, {"uuid": "352a764a-dbc6-4c56-abee-1efb48b500aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-48392", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbrkp7vlm2f", "content": "", "creation_timestamp": "2025-01-21T21:15:46.407968Z"}, {"uuid": "05713628-f68c-4f20-a769-14d4053526fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-48394", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113953353359576542", "content": "", "creation_timestamp": "2025-02-05T21:16:22.363080Z"}, {"uuid": "469b5196-ab9a-44f4-9235-01a209d9a632", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-48394", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhhlwoed7y2f", "content": "", "creation_timestamp": "2025-02-05T22:16:16.073811Z"}, {"uuid": "3541d515-605c-47b3-b7ca-47c5cd6bcbd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-48392", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2661", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-48392\n\ud83d\udd39 Description: OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover.\n\ud83d\udccf Published: 2025-01-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-01-22T21:53:34.918Z\n\ud83d\udd17 References:\n1. https://www.orangescrum.com/\n2. https://github.com/Renzusclarke/CVE-2024-48392-PoC\n3. https://github.com/Renzusclarke/CVE-2024-48392-PoC/blob/main/poc.txt", "creation_timestamp": "2025-01-22T22:02:24.000000Z"}, {"uuid": "a922c563-04ac-4797-9130-8aee6f9f0a3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-48396", "type": "seen", "source": "https://t.me/cvedetector/8987", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-48396 - AIML Chatbot Cross Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-48396 \nPublished : Oct. 25, 2024, 9:15 p.m. | 31\u00a0minutes ago \nDescription : AIML Chatbot 1.0 (fixed in 2.0) is vulnerable to Cross Site Scripting (XSS). The vulnerability is exploited through the message input field, where attackers can inject malicious HTML or JavaScript code. The chatbot fails to sanitize these inputs, leading to the execution of malicious scripts. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T23:46:39.000000Z"}]}