{"vulnerability": "cve-2024-5194", "sightings": [{"uuid": "adcccb91-6b60-4b29-b89d-083a733c451c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51940", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113506283915241561", "content": "", "creation_timestamp": "2024-11-18T22:20:44.055352Z"}, {"uuid": "694b603a-233e-447a-8ff2-ec4bfcd13fc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51941", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lgbroafrmn2t", "content": "", "creation_timestamp": "2025-01-21T21:17:45.512778Z"}, {"uuid": "1eb7d233-6182-4b2a-a8c8-48b50c935844", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51941", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbuwayoiv2t", "content": "", "creation_timestamp": "2025-01-21T22:15:54.783782Z"}, {"uuid": "f7d935c9-cc1c-4b29-a221-9ea551b77e7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51941", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lgfzyb2qtc2p", "content": "", "creation_timestamp": "2025-01-23T13:57:10.676685Z"}, {"uuid": "3133c3f5-d680-4c69-92e7-d68598143d92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51941", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113872794139430648", "content": "", "creation_timestamp": "2025-01-22T15:49:08.918437Z"}, {"uuid": "34d4ded9-ea43-4575-8993-52d9083a54ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51941", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgdpsq6ne52y", "content": "", "creation_timestamp": "2025-01-22T15:49:50.953172Z"}, {"uuid": "4badff1b-58a0-4184-83f9-cbafb805ef40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51948", "type": "seen", "source": "MISP/e1f6260f-3311-441b-92ae-e04cd5eb5f72", "content": "", "creation_timestamp": "2025-08-19T13:26:46.000000Z"}, {"uuid": "d7644f56-917d-47ba-9fc6-2a4466fc1885", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51942", "type": "seen", "source": "MISP/e1f6260f-3311-441b-92ae-e04cd5eb5f72", "content": "", "creation_timestamp": "2025-08-19T13:26:46.000000Z"}, {"uuid": "19bf214b-3232-4ca9-8f60-131b16a73975", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51946", "type": "seen", "source": "MISP/e1f6260f-3311-441b-92ae-e04cd5eb5f72", "content": "", "creation_timestamp": "2025-08-19T13:26:46.000000Z"}, {"uuid": "02904548-3a0e-4ade-aa8a-8e9c5474b15d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51949", "type": "seen", "source": "https://t.me/cvedetector/19424", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51949 - ArcGIS Server Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-51949 \nPublished : March 3, 2025, 8:15 p.m. | 2\u00a0hours, 14\u00a0minutes ago \nDescription : There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 \u2013 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.  The privileges required to execute this attack are high, requiring publisher capabilities.  The impact is low to both confidentiality and integrity while having no impact to availability. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-03T23:56:32.000000Z"}, {"uuid": "89fb6023-d768-4203-96fb-0562a2baf329", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51940", "type": "seen", "source": "MISP/1c5c38d6-3401-41ac-be0e-4cf361fa6f51", "content": "", "creation_timestamp": "2025-09-25T00:36:28.000000Z"}, {"uuid": "b4be2082-eb75-4859-ae89-cbcaed886858", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51947", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6292", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-51947\n\ud83d\udd25 CVSS Score: 4.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 \u2013 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.  The privileges required to execute this attack are high, requiring publisher capabilities.  The impact is low to both confidentiality and integrity while having no impact to availability.\n\ud83d\udccf Published: 2025-03-03T19:38:46.337Z\n\ud83d\udccf Modified: 2025-03-03T20:53:53.690Z\n\ud83d\udd17 References:\n1. https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch/", "creation_timestamp": "2025-03-03T21:30:42.000000Z"}, {"uuid": "330b0ccb-dc23-4764-8fed-2572295d43e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51941", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2500", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-51941\n\ud83d\udd39 Description: A remote code injection vulnerability exists in the Ambari Metrics and \nAMS Alerts feature, allowing authenticated users to inject and execute \narbitrary code. The vulnerability occurs when processing alert \ndefinitions, where malicious input can be injected into the alert script\n execution path. An attacker with authenticated access can exploit this \nvulnerability to execute arbitrary commands on the server. The issue has\n been fixed in the latest versions of Ambari.\n\ud83d\udccf Published: 2025-01-21T21:24:23.360Z\n\ud83d\udccf Modified: 2025-01-21T21:24:23.360Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/xq50nlff7o7z1kq3y637clzzl6mjhl8j", "creation_timestamp": "2025-01-21T22:01:21.000000Z"}, {"uuid": "ff9d912c-64d3-4a99-8253-dfade88861ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51945", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11321", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-51945\n\ud83d\udd25 CVSS Score: 4.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.  The privileges required to execute this attack are high, requiring publisher capabilities.  The impact is low to both confidentiality and integrity while having no impact to availability.\n\ud83d\udccf Published: 2025-03-03T19:38:22.201Z\n\ud83d\udccf Modified: 2025-04-10T19:35:39.648Z\n\ud83d\udd17 References:\n1. https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch/", "creation_timestamp": "2025-04-10T19:49:05.000000Z"}, {"uuid": "32ddf15d-6808-45f8-a10b-c20f493abefa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51946", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11328", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-51946\n\ud83d\udd25 CVSS Score: 4.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.  The privileges required to execute this attack are high, requiring publisher capabilities.  The impact is low to both confidentiality and integrity while having no impact to availability.\n\ud83d\udccf Published: 2025-03-03T19:38:35.952Z\n\ud83d\udccf Modified: 2025-04-10T19:31:05.927Z\n\ud83d\udd17 References:\n1. https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch/", "creation_timestamp": "2025-04-10T19:49:16.000000Z"}, {"uuid": "f81d890f-39d4-4415-9127-6e6ef4f42f8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51942", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11332", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-51942\n\ud83d\udd25 CVSS Score: 4.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.  The privileges required to execute this attack are high, requiring publisher capabilities.  The impact is low to both confidentiality and integrity while having no impact to availability.\n\ud83d\udccf Published: 2025-03-03T19:37:30.716Z\n\ud83d\udccf Modified: 2025-04-10T19:28:26.264Z\n\ud83d\udd17 References:\n1. https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch/", "creation_timestamp": "2025-04-10T19:49:20.000000Z"}, {"uuid": "f8114da2-ea60-4bf1-a5c4-1f455e4744c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51947", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11327", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-51947\n\ud83d\udd25 CVSS Score: 4.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.  The privileges required to execute this attack are high, requiring publisher capabilities.  The impact is low to both confidentiality and integrity while having no impact to availability.\n\ud83d\udccf Published: 2025-03-03T19:38:46.337Z\n\ud83d\udccf Modified: 2025-04-10T19:31:55.130Z\n\ud83d\udd17 References:\n1. https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch/", "creation_timestamp": "2025-04-10T19:49:13.000000Z"}, {"uuid": "db98708c-a4f7-4e5f-843e-c52b71f7e630", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51948", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11326", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-51948\n\ud83d\udd25 CVSS Score: 4.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.  The privileges required to execute this attack are high, requiring publisher capabilities.  The impact is low to both confidentiality and integrity while having no impact to availability.\n\ud83d\udccf Published: 2025-03-03T19:38:56.660Z\n\ud83d\udccf Modified: 2025-04-10T19:32:33.258Z\n\ud83d\udd17 References:\n1. https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch/", "creation_timestamp": "2025-04-10T19:49:12.000000Z"}, {"uuid": "59d69e44-c8f3-498a-882c-421e371ab6b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51949", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11325", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-51949\n\ud83d\udd25 CVSS Score: 4.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.  The privileges required to execute this attack are high, requiring publisher capabilities.  The impact is low to both confidentiality and integrity while having no impact to availability.\n\ud83d\udccf Published: 2025-03-03T19:39:14.394Z\n\ud83d\udccf Modified: 2025-04-10T19:33:14.560Z\n\ud83d\udd17 References:\n1. https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch/", "creation_timestamp": "2025-04-10T19:49:11.000000Z"}, {"uuid": "951c7783-8608-4bc5-bf51-9dca43c76828", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51944", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11329", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-51944\n\ud83d\udd25 CVSS Score: 4.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.  The privileges required to execute this attack are high, requiring publisher capabilities.  The impact is low to both confidentiality and integrity while having no impact to availability.\n\ud83d\udccf Published: 2025-03-03T19:38:10.721Z\n\ud83d\udccf Modified: 2025-04-10T19:30:28.196Z\n\ud83d\udd17 References:\n1. https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch/", "creation_timestamp": "2025-04-10T19:49:17.000000Z"}, {"uuid": "8cffe23f-6d42-4b53-b6f8-f6a8149cbaf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51941", "type": "seen", "source": "https://t.me/cvedetector/16034", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51941 - Apache Ambari Remote Code Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-51941 \nPublished : Jan. 21, 2025, 10:15 p.m. | 18\u00a0minutes ago \nDescription : A remote code injection vulnerability exists in the Ambari Metrics and   \nAMS Alerts feature, allowing authenticated users to inject and execute   \narbitrary code. The vulnerability occurs when processing alert   \ndefinitions, where malicious input can be injected into the alert script  \n execution path. An attacker with authenticated access can exploit this   \nvulnerability to execute arbitrary commands on the server. The issue has  \n been fixed in the latest versions of Ambari. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T23:40:23.000000Z"}, {"uuid": "112f32f5-5858-4a2d-be0d-cbccf669d8ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51940", "type": "seen", "source": "https://t.me/cvedetector/11408", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51940 - Sohelwpexpert WP Responsive Video DOM-Based XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-51940 \nPublished : Nov. 18, 2024, 11:15 p.m. | 30\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sohelwpexpert WP Responsive Video allows DOM-Based XSS.This issue affects WP Responsive Video: from n/a through 1.0. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-19T00:55:09.000000Z"}]}