{"vulnerability": "CVE-2020-3660", "sightings": [{"uuid": "4c6ef779-d28d-4ff9-bd47-3cb2899e769c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36605", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14860", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2020-36605\n\ud83d\udd25 CVSS Score: 6.6 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)\n\ud83d\udd39 Description: Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files.\n\n\n\nThis issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00; Hitachi Ops Center Viewpoint: from 10.8.0-00 before 10.9.0-00.\n\n\ud83d\udccf Published: 2022-11-01T02:07:14.263Z\n\ud83d\udccf Modified: 2025-05-05T14:12:27.827Z\n\ud83d\udd17 References:\n1. https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-134/index.html", "creation_timestamp": "2025-05-05T14:20:27.000000Z"}, {"uuid": "670c55eb-18c0-411c-abb3-86f86f001c5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36607", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12752", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2020-36607\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag.\n\ud83d\udccf Published: 2022-12-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-21T19:19:51.402Z\n\ud83d\udd17 References:\n1. https://github.com/liufee/cms/issues/45", "creation_timestamp": "2025-04-21T20:03:24.000000Z"}, {"uuid": "b0aecafc-269b-4270-b02f-f4bedff7428b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36605", "type": "seen", "source": "https://t.me/cibsecurity/52342", "content": "\u203c CVE-2020-36605 \u203c\n\nIncorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-01T06:13:35.000000Z"}, {"uuid": "2bba3c9f-da34-4e4d-a429-ba64c6420c32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36607", "type": "seen", "source": "https://t.me/cibsecurity/54609", "content": "\u203c CVE-2020-36607 \u203c\n\nCross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-15T22:23:36.000000Z"}, {"uuid": "37e7284e-7779-4699-93c5-de1861becf48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36608", "type": "seen", "source": "https://t.me/cibsecurity/52491", "content": "\u203c CVE-2020-36608 \u203c\n\nA vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is dfd0afacb26c3682a847bea7b49ea440b63f3baa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212816.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-02T21:19:53.000000Z"}, {"uuid": "d9ea161e-9ae3-485e-95fb-1a2046a14c7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36609", "type": "seen", "source": "https://t.me/cibsecurity/54152", "content": "\u203c CVE-2020-36609 \u203c\n\nA vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215115.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-08T12:17:21.000000Z"}, {"uuid": "9b49475b-233c-4cea-8de3-aa54f4b76ab0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36604", "type": "seen", "source": "https://t.me/cibsecurity/50304", "content": "\u203c CVE-2020-36604 \u203c\n\nhoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T12:13:10.000000Z"}, {"uuid": "c9f7dfcf-e82f-408c-aeb7-7100b9dad71b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36600", "type": "seen", "source": "https://t.me/cibsecurity/49967", "content": "\u203c CVE-2020-36600 \u203c\n\nOut-of-bounds write vulnerability in the power consumption module. Successful exploitation of this vulnerability may cause the system to restart.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-16T22:35:11.000000Z"}, {"uuid": "e83e963f-7aa1-4f9c-82d7-f2ed4665f869", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36603", "type": "seen", "source": "https://t.me/cibsecurity/49806", "content": "\u203c CVE-2020-36603 \u203c\n\nThe HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, unprivileged users to execute arbitrary code with SYSTEM privileges on Microsoft Windows systems. The mhyprot2.sys driver must first be installed by a user with administrative privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-15T02:26:46.000000Z"}]}