{"vulnerability": "cve-2024-5500", "sightings": [{"uuid": "b2c3dcad-92aa-4e8e-a72b-ec0ab3d36845", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55008", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf62cp2eto22", "content": "", "creation_timestamp": "2025-01-07T16:16:30.350409Z"}, {"uuid": "067b68e6-14c0-45fc-b643-1a2f055d5e8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55000", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpkexkajk2s", "content": "", "creation_timestamp": "2025-01-14T15:19:21.876189Z"}, {"uuid": "66434621-210a-4861-b712-cac116aab0d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55009", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkri2j55l426", "content": "", "creation_timestamp": "2025-03-20T00:49:01.725988Z"}, {"uuid": "9f838ce1-82cb-4c6f-9e3b-553ddbfeeba1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55008", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/439", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-55008\n\ud83d\udd39 Description: JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication system, where an attacker can prevent legitimate users from accessing their accounts by repeatedly sending multiple failed login attempts. Specifically, by submitting 3 incorrect login attempts every minute, the attacker can trigger the account lockout mechanism on the account level, effectively locking the user out indefinitely. Since the lockout is applied to the user account and not based on the IP address, any attacker can trigger the lockout on any user account, regardless of their privileges.\n\ud83d\udccf Published: 2025-01-07T00:00:00\n\ud83d\udccf Modified: 2025-01-07T15:11:30.416773\n\ud83d\udd17 References:\n1. http://jatos.com\n2. https://hacking-notes.medium.com/cve-2024-51379-jatos-v3-9-4-account-lockout-denial-of-service-cc970f4ca58f", "creation_timestamp": "2025-01-07T15:38:40.000000Z"}, {"uuid": "86d0ac13-ea5f-4c20-8106-fe669213b64a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55009", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8153", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-55009\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A reflected cross-site scripting (XSS) vulnerability in AutoBib - Bibliographic collection management system 3.1.140 and earlier allows attackers to execute arbitrary Javascript in the context of a victim's browser via injecting a crafted payload into the WCE=topFrame&amp;WCU= parameter.\n\ud83d\udccf Published: 2025-03-19T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-19T21:06:50.135Z\n\ud83d\udd17 References:\n1. https://youtu.be/1mSgChs-a8Q\n2. https://youtu.be/SHk3mdsd2mI\n3. https://medium.com/@r3dd1t/poc-cve-0b3ad0535631", "creation_timestamp": "2025-03-19T21:18:24.000000Z"}, {"uuid": "43f49d99-2873-430b-b614-72233f6a4f77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55009", "type": "seen", "source": "https://t.me/cvedetector/20685", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55009 - AutoBib XSS\", \n  \"Content\": \"CVE ID : CVE-2024-55009 \nPublished : March 19, 2025, 9:15 p.m. | 16\u00a0minutes ago \nDescription : A reflected cross-site scripting (XSS) vulnerability in AutoBib - Bibliographic collection management system 3.1.140 and earlier allows attackers to execute arbitrary Javascript in the context of a victim's browser via injecting a crafted payload into the WCE=topFrame&amp;WCU= parameter. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T23:00:40.000000Z"}, {"uuid": "dcf56cbc-2040-4895-a2c1-9e3662f2b916", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55000", "type": "seen", "source": "https://t.me/cvedetector/15269", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55000 - Sourcecodester House Rental Management Cross Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-55000 \nPublished : Jan. 14, 2025, 3:15 p.m. | 45\u00a0minutes ago \nDescription : Sourcecodester House Rental Management system v1.0 is vulnerable to Cross Site Scripting (XSS) in rental/manage_categories.php. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-14T17:20:16.000000Z"}, {"uuid": "8558d31c-ece2-45af-8a4c-58fff6435a6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5500", "type": "seen", "source": "https://t.me/cvedetector/1027", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-5500 - Google Chrome Sign-In Implementation Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-5500 \nPublished : July 16, 2024, 11:15 p.m. | 44\u00a0minutes ago \nDescription : Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-17T02:19:52.000000Z"}]}