{"vulnerability": "CVE-2020-1111", "sightings": [{"uuid": "c80b8e16-0230-42e6-bd97-523709483c57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11110", "type": "seen", "source": "https://t.me/cibsecurity/13673", "content": "ATENTION\u203c New - CVE-2020-11110\n\nGrafana through 6.7.1 allows stored XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-07-27T16:55:21.000000Z"}, {"uuid": "93c64d0e-a90a-4aee-9603-46d4147a9040", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11110", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/5474", "content": "Exploit CVE-2020-11110 Grafana Stored XSS\n\nhttps://ctf-writeup.revers3c.com/challenges/web/CVE-2020-11110/index.html", "creation_timestamp": "2021-06-19T00:23:22.000000Z"}, {"uuid": "a73daf5b-fa8c-4916-89c3-520400ab97c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11110", "type": "seen", "source": "https://t.me/arpsyndicate/2609", "content": "#ExploitObserverAlert\n\nCVE-2020-11110\n\nDESCRIPTION: Exploit Observer has 10 entries related to CVE-2020-11110. Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.\n\nFIRST-EPSS: 0.005120000\nNVD-IS: 2.7\nNVD-ES: 2.3", "creation_timestamp": "2024-01-07T03:27:04.000000Z"}, {"uuid": "88948896-8a89-45a9-ac92-573a5ee804f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11110", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9743", "content": "#exploit\n1. CVE-2023-31446:\nDodge OPTIFY RCE\nhttps://github.com/Dodge-MPTC/CVE-2023-31446-Remote-Code-Execution\n\n2. CVE-2020-11110:\nGrafana Stored CSS\nhttps://github.com/AVE-Stoik/CVE-2020-11110-Proof-of-Concept/tree/main\n\n3.\u00a0CVE-2023-51467:\nApache Ofbiz Exploit\nhttps://github.com/JaneMandy/CVE-2023-51467-Exploit", "creation_timestamp": "2024-01-07T22:09:15.000000Z"}, {"uuid": "29362ae9-1164-4039-94b2-f32ef5e09487", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11118", "type": "seen", "source": "https://t.me/cibsecurity/14512", "content": "ATENTION\u203c New - CVE-2020-11118\n\nu'Information exposure issues while processing IE header due to improper check of beacon IE frame' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QCS610, QM215, Rennell, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-09-08T14:55:34.000000Z"}, {"uuid": "6fd7773d-e9dd-4964-924c-4979152e0734", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11117", "type": "seen", "source": "https://t.me/cibsecurity/14513", "content": "ATENTION\u203c New - CVE-2020-11117\n\nu'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-09-08T14:55:35.000000Z"}, {"uuid": "14422853-ccf8-41c3-abc4-a347af508afb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11116", "type": "seen", "source": "https://t.me/cibsecurity/14514", "content": "ATENTION\u203c New - CVE-2020-11116\n\nu'Possible out of bound write while processing association response received from host due to lack of check of IE length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QCS610, QM215, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-09-08T14:55:36.000000Z"}, {"uuid": "37ed649a-bbe6-486c-b02e-c2178522a5e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11115", "type": "seen", "source": "https://t.me/cibsecurity/14515", "content": "ATENTION\u203c New - CVE-2020-11115\n\nu'Buffer over read occurs while processing information element from beacon due to lack of check of data received from beacon' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-09-08T14:55:38.000000Z"}, {"uuid": "4da4dbc1-6f86-4fe0-af65-f014cc7330fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11110", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2439", "content": "#exploit\n1. CVE-2023-31446:\nDodge OPTIFY RCE\nhttps://github.com/Dodge-MPTC/CVE-2023-31446-Remote-Code-Execution\n\n2. CVE-2020-11110:\nGrafana Stored CSS\nhttps://github.com/AVE-Stoik/CVE-2020-11110-Proof-of-Concept/tree/main\n\n3.\u00a0CVE-2023-51467:\nApache Ofbiz Exploit\nhttps://github.com/JaneMandy/CVE-2023-51467-Exploit", "creation_timestamp": "2024-08-16T09:01:19.000000Z"}]}