{"vulnerability": "CVE-2019-2509", "sightings": [{"uuid": "3808eb23-4dbd-47e7-9cb7-24fe0626b903", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-25093", "type": "seen", "source": "https://t.me/cibsecurity/55734", "content": "\u203c CVE-2019-25093 \u203c\n\nA vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 051465d807a8fcc6a8b0f4bcbb19299672399f48. It is recommended to apply a patch to fix this issue. VDB-217182 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-08T18:58:17.000000Z"}, {"uuid": "f5da9b78-ffcb-4cc6-8953-5168fe801c68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-25092", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11437", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2019-25092\n\ud83d\udd25 CVSS Score: 2.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: A vulnerability classified as problematic was found in Nakiami Mellivora up to 2.1.x. Affected by this vulnerability is the function print_user_ip_log of the file include/layout/user.inc.php of the component Admin Panel. The manipulation of the argument $entry['ip'] leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.2.0 is able to address this issue. The name of the patch is e0b6965f8dde608a3d2621617c05695eb406cbb9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216955.\n\ud83d\udccf Published: 2022-12-28T08:55:59.183Z\n\ud83d\udccf Modified: 2025-04-11T14:32:28.267Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.216955\n2. https://vuldb.com/?ctiid.216955\n3. https://github.com/Nakiami/mellivora/commit/e0b6965f8dde608a3d2621617c05695eb406cbb9\n4. https://github.com/Nakiami/mellivora/releases/tag/v2.2.0", "creation_timestamp": "2025-04-11T14:51:10.000000Z"}, {"uuid": "7a2a12af-fe89-4326-aa23-60481822258b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-25090", "type": "seen", "source": "https://t.me/cibsecurity/55398", "content": "\u203c CVE-2019-25090 \u203c\n\nA vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched remotely. Upgrading to version 13.0.5.4 is able to address this issue. The name of the patch is 199dea7cc7020d3c469a86a39fbd80f5edd3c5ab. It is recommended to upgrade the affected component. VDB-216878 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-27T16:22:17.000000Z"}, {"uuid": "666eed1e-0764-4d59-abc5-dbda8bf39f5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-25096", "type": "seen", "source": "https://t.me/cibsecurity/55945", "content": "\u203c CVE-2019-25096 \u203c\n\nA vulnerability has been found in soerennb eXtplorer up to 2.1.12 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.13 is able to address this issue. The name of the patch is b8fcb888f4ff5e171c16797a4b075c6c6f50bf46. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217435.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-05T12:23:58.000000Z"}, {"uuid": "fcdcf6f8-e70f-46ff-9cfa-a19814c47f47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-25099", "type": "seen", "source": "https://t.me/cibsecurity/56043", "content": "\u203c CVE-2019-25099 \u203c\n\nA vulnerability classified as critical was found in Arthmoor QSF-Portal. This vulnerability affects unknown code of the file index.php. The manipulation of the argument a leads to path traversal. The name of the patch is ea4f61e23ecb83247d174bc2e2cbab521c751a7d. It is recommended to apply a patch to fix this issue. VDB-217558 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-06T16:20:10.000000Z"}]}