{"vulnerability": "CVE-2020-2895", "sightings": [{"uuid": "e933d396-b7ea-4d6b-bb94-25ccef896b17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28955", "type": "seen", "source": "https://t.me/cibsecurity/31067", "content": "\u203c CVE-2020-28955 \u203c\n\nSugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-23T00:39:38.000000Z"}, {"uuid": "e77b2021-b17b-41a6-b8a6-cec4fe178305", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28957", "type": "seen", "source": "https://t.me/cibsecurity/31063", "content": "\u203c CVE-2020-28957 \u203c\n\nMultiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-23T00:39:31.000000Z"}, {"uuid": "17355641-53b0-4c12-bbb4-43ed27901f22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28953", "type": "seen", "source": "https://t.me/cibsecurity/16644", "content": "\u203c CVE-2020-28953 \u203c\n\nIn BigBlueButton before 2.2.29, a user can vote more than once in a single poll.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-20T00:42:04.000000Z"}, {"uuid": "c89274b7-9271-4f34-a869-014255db83fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28952", "type": "seen", "source": "https://t.me/cibsecurity/24645", "content": "\u203c CVE-2020-28952 \u203c\n\nAn issue was discovered on Athom Homey and Homey Pro devices before 5.0.0. ZigBee hub devices should generate a unique Standard Network Key that is then exchanged with all enrolled devices so that all inter-device communication is encrypted. However, the cited Athom products use another widely known key that is designed for testing purposes: \"01030507090b0d0f00020406080a0c0d\" (the decimal equivalent of 1 3 5 7 9 11 13 15 0 2 4 6 8 10 12 13), which is human generated and static across all issued devices.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-09T22:51:51.000000Z"}, {"uuid": "142a05b7-d7b0-4a50-bec1-99cd7471ac72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28950", "type": "seen", "source": "https://t.me/cibsecurity/17175", "content": "\u203c CVE-2020-28950 \u203c\n\nThe installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-05T00:27:31.000000Z"}]}