{"vulnerability": "CVE-2021-3548", "sightings": [{"uuid": "01bed164-a777-4240-8fd4-5b915208d5ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35488", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-35488.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}, {"uuid": "143de7bc-b90f-4bd1-b3fe-738b98e3a6da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35486", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mg6l5eytbs2v", "content": "", "creation_timestamp": "2026-03-03T20:09:09.883702Z"}, {"uuid": "2e1bbdb8-427c-4138-98e0-eaa8d0ff1090", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35485", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mg6liq3m342v", "content": "", "creation_timestamp": "2026-03-03T20:15:30.271554Z"}, {"uuid": "8635aaf8-f138-4663-bda7-f554f100f4db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35484", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mg6kpuv6wy2e", "content": "", "creation_timestamp": "2026-03-03T20:01:36.436260Z"}, {"uuid": "ebebb056-644b-4d52-87d8-103721536702", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35487", "type": "seen", "source": "https://t.me/cibsecurity/43342", "content": "\u203c CVE-2021-35487 \u203c\n\nNokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user, database name, and database version information, and potentially database data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-25T18:38:21.000000Z"}, {"uuid": "6a78a8d4-7c4a-430a-b491-bc36bf6607cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35483", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mg6nduq6tx2x", "content": "", "creation_timestamp": "2026-03-03T20:48:34.883237Z"}, {"uuid": "984ebd6a-a6ed-44c1-b3df-76020a348180", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35489", "type": "seen", "source": "https://t.me/cibsecurity/32130", "content": "\u203c CVE-2021-35489 \u203c\n\nThruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME]&service={SERVICENAME]&backend={BACKEND] Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browses the page containing it.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-10T02:35:30.000000Z"}, {"uuid": "4bc8cfa4-fdc8-46bd-81be-4e12b4c986ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35488", "type": "seen", "source": "https://t.me/cibsecurity/32129", "content": "\u203c CVE-2021-35488 \u203c\n\nThruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-10T02:35:28.000000Z"}]}