{"vulnerability": "CVE-2021-3654", "sightings": [{"uuid": "233b462a-669d-4481-b3aa-9eee4235ddf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36546", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8884", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-36546\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL.\n\ud83d\udccf Published: 2023-02-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-26T16:17:35.205Z\n\ud83d\udd17 References:\n1. https://github.com/Kitesky/KiteCMS/issues/10", "creation_timestamp": "2025-03-26T16:25:16.000000Z"}, {"uuid": "2728b6fc-265a-4585-a672-3a585e8ec1c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36545", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8882", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-36545\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page.\n\ud83d\udccf Published: 2023-02-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-26T16:18:45.208Z\n\ud83d\udd17 References:\n1. https://gitee.com/happy_source/tpcms/issues/I3YUCJ", "creation_timestamp": "2025-03-26T16:25:12.000000Z"}, {"uuid": "5de4ba59-65d1-4f32-ae2b-54981a62175c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36544", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8880", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-36544\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL.\n\ud83d\udccf Published: 2023-02-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-26T16:19:37.009Z\n\ud83d\udd17 References:\n1. https://gitee.com/happy_source/tpcms/issues/I3YNWY", "creation_timestamp": "2025-03-26T16:25:11.000000Z"}, {"uuid": "5fc18f8f-cbc8-4fb2-841b-fe113017318f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36544", "type": "seen", "source": "https://t.me/cibsecurity/57475", "content": "\u203c CVE-2021-36544 \u203c\n\nIncorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T20:20:51.000000Z"}, {"uuid": "be7ec137-510c-4486-90df-ec1a3753560f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36545", "type": "seen", "source": "https://t.me/cibsecurity/57493", "content": "\u203c CVE-2021-36545 \u203c\n\nCross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T20:25:47.000000Z"}, {"uuid": "4beaecec-9c4e-4b8c-9897-477161b2ec30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36546", "type": "seen", "source": "https://t.me/cibsecurity/57496", "content": "\u203c CVE-2021-36546 \u203c\n\nIncorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T20:25:49.000000Z"}, {"uuid": "b5b02078-3eef-4ef1-aa0f-05475fb87484", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36548", "type": "seen", "source": "https://t.me/cibsecurity/31437", "content": "\u203c CVE-2021-36548 \u203c\n\nA remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&amp;action=edit_template&amp;filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-29T00:18:38.000000Z"}, {"uuid": "e307c5b5-fbce-45a6-ad6a-061fdcf0faec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36547", "type": "seen", "source": "https://t.me/cibsecurity/31434", "content": "\u203c CVE-2021-36547 \u203c\n\nA remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-29T00:18:35.000000Z"}]}