{"vulnerability": "CVE-2021-23838", "sightings": [{"uuid": "a454ce0f-0a54-4e5f-bb76-f92c17d7a56b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23838", "type": "seen", "source": "https://t.me/cibsecurity/22197", "content": "\u203c CVE-2021-23838 \u203c\n\nAn issue was discovered in flatCore before 2.0.0 build 139. A reflected XSS vulnerability was identified in the media_filter HTTP request body parameter for the acp interface. The affected parameter accepts malicious client-side script without proper input sanitization. For example, a malicious user can leverage this vulnerability to steal cookies from a victim user and perform a session-hijacking attack, which may then lead to unauthorized access to the site.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-15T12:50:40.000000Z"}]}