{"vulnerability": "CVE-2020-2323", "sightings": [{"uuid": "f73e0daf-6947-4ec5-a586-2d87e1993475", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-23234", "type": "seen", "source": "https://t.me/cibsecurity/26532", "content": "\u203c CVE-2020-23234 \u203c\n\nCross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as \"ontoggle,\".\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-27T00:12:02.000000Z"}, {"uuid": "4e9808f5-a887-48e6-a52a-fb0eedfc4c44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-23239", "type": "seen", "source": "https://t.me/cibsecurity/26531", "content": "\u203c CVE-2020-23239 \u203c\n\nCross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-27T00:11:58.000000Z"}, {"uuid": "3c946b9a-7210-4b3b-9108-1cf91cdbdb49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-23238", "type": "seen", "source": "https://t.me/cibsecurity/26522", "content": "\u203c CVE-2020-23238 \u203c\n\nCross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-27T00:11:47.000000Z"}, {"uuid": "4992a139-0c9d-4ae3-8d39-032dbcfa5f4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2323", "type": "seen", "source": "https://t.me/cibsecurity/17095", "content": "\u203c CVE-2020-2323 \u203c\n\nJenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-03T18:25:22.000000Z"}]}