{"vulnerability": "CVE-2020-3512", "sightings": [{"uuid": "53f14535-4ba7-42b6-8be9-0b05f9ab466f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35129", "type": "seen", "source": "https://t.me/cibsecurity/22262", "content": "\u203c CVE-2020-35129 \u203c\n\nMautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user\u2019s behalf, including changing the user\u2019s password or email address or changing the attacker\u2019s user role from a low-privileged user to an administrator account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-19T16:56:03.000000Z"}, {"uuid": "9b5af084-dd84-48e5-b821-f257d3332a5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35128", "type": "seen", "source": "https://t.me/cibsecurity/22261", "content": "\u203c CVE-2020-35128 \u203c\n\nMautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. 
These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-19T16:56:02.000000Z"}, {"uuid": "5563fd8a-600e-4217-a3a0-6ce4028b06b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35123", "type": "seen", "source": "https://t.me/cibsecurity/20970", "content": "\u203c CVE-2020-35123 \u203c\n\nIn Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. This has been fixed in Zimbra Collaboration Suite Network edition 9.0.0 Patch 10 and 8.8.15 Patch 17.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-17T07:42:16.000000Z"}, {"uuid": "d215b77a-4e83-4802-bea6-33b367ff8b1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35122", "type": "seen", "source": "https://t.me/cibsecurity/20903", "content": "\u203c CVE-2020-35122 \u203c\n\nAn issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. 
A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-16T02:46:03.000000Z"}, {"uuid": "e51e042d-4684-42fd-afb7-a16df86ff34f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35121", "type": "seen", "source": "https://t.me/cibsecurity/20896", "content": "\u203c CVE-2020-35121 \u203c\n\nAn issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-16T02:45:54.000000Z"}, {"uuid": "f27f2b5d-0991-4756-bcc0-325345c682fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35126", "type": "seen", "source": "https://t.me/cibsecurity/19928", "content": "\u203c CVE-2020-35126 \u203c\n\n** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. 
NOTE: the significance of this report is disputed because \"admins are considered trustworthy.\"\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T13:25:08.000000Z"}, {"uuid": "baa845f8-47ae-4296-950a-d83f8bde9e04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35127", "type": "seen", "source": "https://t.me/cibsecurity/19807", "content": "\u203c CVE-2020-35127 \u203c\n\nIgnite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T08:25:17.000000Z"}, {"uuid": "17b8a971-5a53-47ad-b9c1-4d2df16559d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35126", "type": "seen", "source": "https://t.me/cibsecurity/19948", "content": "\u203c CVE-2020-35126 \u203c\n\n** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because \"admins are considered trustworthy.\"\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T14:25:18.000000Z"}, {"uuid": "15103cf4-89ff-4b80-af73-198092d78c1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35126", "type": "seen", "source": "https://t.me/cibsecurity/19809", "content": "\u203c CVE-2020-35126 \u203c\n\n** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. 
NOTE: the significance of this report is disputed because \"admins are considered trustworthy.\"\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T08:25:19.000000Z"}, {"uuid": "be0fc5e6-4ce2-4399-a32c-df53461cb87a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35126", "type": "seen", "source": "https://t.me/cibsecurity/19789", "content": "\u203c CVE-2020-35126 \u203c\n\n** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because \"admins are considered trustworthy.\"\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T07:38:07.000000Z"}, {"uuid": "b5b45221-b134-4b8e-bca3-a9e03ee38497", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35127", "type": "seen", "source": "https://t.me/cibsecurity/19787", "content": "\u203c CVE-2020-35127 \u203c\n\nIgnite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T07:38:05.000000Z"}, {"uuid": "24b97a5c-e748-4dc2-99f7-4133ce6dd888", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35126", "type": "seen", "source": "https://t.me/cibsecurity/19769", "content": "\u203c CVE-2020-35126 \u203c\n\n** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. 
NOTE: the significance of this report is disputed because \"admins are considered trustworthy.\"\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T07:35:06.000000Z"}, {"uuid": "dcf679f1-a045-4d53-bcd7-65bd55c4c4c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35126", "type": "seen", "source": "https://t.me/cibsecurity/19908", "content": "\u203c CVE-2020-35126 \u203c\n\n** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because \"admins are considered trustworthy.\"\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T12:35:04.000000Z"}, {"uuid": "b6b3615b-2eb0-4877-99bb-34bd3a7586eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35127", "type": "seen", "source": "https://t.me/cibsecurity/19767", "content": "\u203c CVE-2020-35127 \u203c\n\nIgnite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T07:35:03.000000Z"}, {"uuid": "174f4bee-540f-4c85-ae13-166b45302cee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35126", "type": "seen", "source": "https://t.me/cibsecurity/19889", "content": "\u203c CVE-2020-35126 \u203c\n\n** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. 
NOTE: the significance of this report is disputed because \"admins are considered trustworthy.\"\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T12:25:06.000000Z"}, {"uuid": "3ad931f7-5278-45d2-ad8a-cb4c6a9cba9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35126", "type": "seen", "source": "https://t.me/cibsecurity/19869", "content": "\u203c CVE-2020-35126 \u203c\n\n** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because \"admins are considered trustworthy.\"\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T11:25:14.000000Z"}, {"uuid": "49b92e60-345f-4f49-8494-89a3a5b36416", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35127", "type": "seen", "source": "https://t.me/cibsecurity/19887", "content": "\u203c CVE-2020-35127 \u203c\n\nIgnite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T12:25:04.000000Z"}, {"uuid": "9c948074-f434-419c-9247-fc44fcf9b6d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35127", "type": "seen", "source": "https://t.me/cibsecurity/19867", "content": "\u203c CVE-2020-35127 \u203c\n\nIgnite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T11:25:12.000000Z"}, {"uuid": "5c1e5dce-8c11-44b6-bb9c-0c2329cb702e", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35126", "type": "seen", "source": "https://t.me/cibsecurity/19849", "content": "\u203c CVE-2020-35126 \u203c\n\n** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because \"admins are considered trustworthy.\"\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T10:25:21.000000Z"}, {"uuid": "2b1353ab-24cc-472a-8652-452015c9f8c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35127", "type": "seen", "source": "https://t.me/cibsecurity/19847", "content": "\u203c CVE-2020-35127 \u203c\n\nIgnite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T10:25:18.000000Z"}, {"uuid": "7ee2eb2a-f04d-4579-aa61-f983d8128515", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35126", "type": "seen", "source": "https://t.me/cibsecurity/19829", "content": "\u203c CVE-2020-35126 \u203c\n\n** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. 
NOTE: the significance of this report is disputed because \"admins are considered trustworthy.\"\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T09:25:16.000000Z"}, {"uuid": "b02cdee5-3ba6-400c-bd29-a069ba8ebd12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35127", "type": "seen", "source": "https://t.me/cibsecurity/19827", "content": "\u203c CVE-2020-35127 \u203c\n\nIgnite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T09:25:14.000000Z"}]}