{"vulnerability": "cve-2025-4647", "sightings": [{"uuid": "a5bff2c3-1131-4f7f-8ebb-962fbe590a2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46477", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13298", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46477\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Carlo La Pera WP Customize Login Page allows Stored XSS. This issue affects WP Customize Login Page: from n/a through 1.6.5.\n\ud83d\udccf Published: 2025-04-24T16:09:20.659Z\n\ud83d\udccf Modified: 2025-04-24T16:09:20.659Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-customize-login-page/vulnerability/wordpress-wp-customize-login-page-1-6-5-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-24T17:06:54.000000Z"}, {"uuid": "9a22d9f7-de3d-47e9-96a4-ab8ae147dbf7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4647", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp2cxiypl52t", "content": "", "creation_timestamp": "2025-05-13T10:52:41.929068Z"}, {"uuid": "3397cb18-135d-49a5-ba81-8d0156a9515f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46473", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13287", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46473\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Deserialization of Untrusted Data vulnerability in djjmz Social Counter allows Object Injection. This issue affects Social Counter: from n/a through 2.0.5.\n\ud83d\udccf Published: 2025-04-24T16:09:27.002Z\n\ud83d\udccf Modified: 2025-04-24T16:09:27.002Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/social-counter/vulnerability/wordpress-social-counter-2-0-5-php-object-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-24T17:06:40.000000Z"}, {"uuid": "c52affc4-a398-448f-ac40-5a96c5b48449", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46479", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13331", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46479\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevynCJohnson BBCode Deluxe allows DOM-Based XSS. This issue affects BBCode Deluxe: from n/a through 2020.08.01.2.\n\ud83d\udccf Published: 2025-04-24T16:09:10.182Z\n\ud83d\udccf Modified: 2025-04-24T20:02:35.725Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/bbcode-deluxe/vulnerability/wordpress-bbcode-deluxe-2020-08-01-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-24T20:06:40.000000Z"}, {"uuid": "afa397b6-89cf-4917-bcc8-80c0dd5a8f6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46475", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13330", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46475\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in terrillthompson Able Player allows DOM-Based XSS. This issue affects Able Player: from n/a through 1.2.1.\n\ud83d\udccf Published: 2025-04-24T16:09:09.631Z\n\ud83d\udccf Modified: 2025-04-24T20:02:45.196Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/ableplayer/vulnerability/wordpress-able-player-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-24T20:06:39.000000Z"}, {"uuid": "ec2b2d3c-13ce-4a87-b19e-bb960f413daf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4647", "type": "seen", "source": "https://t.me/cvedetector/25176", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-4647 - Centreon Web Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-4647 \nPublished : May 13, 2025, 10:15 a.m. | 51\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS.  \n  \nA user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG.  \n  \nThis issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29. \nSeverity: 8.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T13:52:10.000000Z"}]}