{"vulnerability": "CVE-2020-2547", "sightings": [{"uuid": "8dd566bd-c01c-4023-bd60-10943a7ea0e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25475", "type": "seen", "source": "https://t.me/cibsecurity/16783", "content": "\u203c CVE-2020-25475 \u203c\n\nSimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-24T18:46:58.000000Z"}, {"uuid": "c1d69497-8e3f-48b2-b0ac-37bc058cd115", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25476", "type": "seen", "source": "https://t.me/cibsecurity/21772", "content": "\u203c CVE-2020-25476 \u203c\n\nLiferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting (XSS) vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload on the username, lastname or surname fields of its own profile, and the malicious payload will be injected and reflected in the calendar of the user who submitted the payload. An attacker could escalate its privileges in case an admin visits the calendar that injected the payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-07T20:40:56.000000Z"}, {"uuid": "412a3ce2-df9d-4c06-9fcc-72038dc0940e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25474", "type": "seen", "source": "https://t.me/cibsecurity/16781", "content": "\u203c CVE-2020-25474 \u203c\n\nSimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-24T18:46:56.000000Z"}, {"uuid": "3ef78eeb-d8b3-44fe-aed3-b5edc45e0b2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25473", "type": "seen", "source": "https://t.me/cibsecurity/16780", "content": "\u203c CVE-2020-25473 \u203c\n\nSimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-24T18:46:55.000000Z"}, {"uuid": "9c5e7ed8-06f1-4eae-8b36-cc960dd42282", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25472", "type": "seen", "source": "https://t.me/cibsecurity/16778", "content": "\u203c CVE-2020-25472 \u203c\n\nSimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-24T18:46:50.000000Z"}, {"uuid": "371fd786-c474-451b-b36c-06c0f67e2334", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25470", "type": "seen", "source": "https://t.me/cibsecurity/15577", "content": "\u203c CVE-2020-25470 \u203c\n\nAntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site funtion. When viewing an added site, an XSS payload can be injected in cookies view which can lead to remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-26T17:27:50.000000Z"}]}