{"vulnerability": "CVE-2021-3167", "sightings": [{"uuid": "b6b3e16e-1a78-4c84-a555-3790bbb8ca6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31677", "type": "seen", "source": "https://t.me/cibsecurity/45647", "content": "\u203c CVE-2021-31677 \u203c\n\nAn issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members' passwords.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-06T16:20:56.000000Z"}, {"uuid": "5ddae259-d1b6-4c9a-9917-ee07332a240a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31676", "type": "seen", "source": "https://t.me/cibsecurity/45643", "content": "\u203c CVE-2021-31676 \u203c\n\nA reflected XSS was discovered in PESCMS-V2.3.3. When combined with CSRF in the same file, they can cause bigger destruction.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-06T16:20:49.000000Z"}, {"uuid": "d3cbca2f-ca3a-45f0-a740-639933111b6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31678", "type": "seen", "source": "https://t.me/cibsecurity/45638", "content": "\u203c CVE-2021-31678 \u203c\n\nAn issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's company.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-06T16:20:40.000000Z"}, {"uuid": "821a0266-7a69-4892-b18e-8bdd66e5b67a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31673", "type": "seen", "source": "https://t.me/cibsecurity/41705", "content": "\u203c CVE-2021-31673 \u203c\n\nA Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-02T07:27:30.000000Z"}, {"uuid": "3a12f203-a518-4785-88c0-73fb882aceb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31679", "type": "seen", "source": "https://t.me/cibsecurity/45640", "content": "\u203c CVE-2021-31679 \u203c\n\nAn issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members' account numbers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-06T16:20:46.000000Z"}, {"uuid": "cfc0a9f7-b467-4203-960c-19484befc91f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31674", "type": "seen", "source": "https://t.me/cibsecurity/41700", "content": "\u203c CVE-2021-31674 \u203c\n\nCyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefine enum constant.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-02T07:27:21.000000Z"}, {"uuid": "a3f7e1c1-fd0a-4542-b6da-9d55e3f7094b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3167", "type": "seen", "source": "https://t.me/cibsecurity/24905", "content": "\u203c CVE-2021-3167 \u203c\n\nIn Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-15T19:29:07.000000Z"}]}