{"vulnerability": "CVE-2021-3656", "sightings": [{"uuid": "04949f03-eab6-4e16-9063-91ce0f64aceb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36569", "type": "seen", "source": "https://t.me/cibsecurity/57479", "content": "\u203c CVE-2021-36569 \u203c\n\nCross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T20:20:58.000000Z"}, {"uuid": "d8e23929-e9d4-43e6-956d-75f435e3a1b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36569", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8886", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-36569\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2.\n\ud83d\udccf Published: 2023-02-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-26T16:16:44.066Z\n\ud83d\udd17 References:\n1. https://github.com/daylightstudio/FUEL-CMS/issues/578", "creation_timestamp": "2025-03-26T16:25:17.000000Z"}, {"uuid": "f022d85e-2c96-4333-b7d4-daaa7e586a43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36568", "type": "seen", "source": "https://t.me/cibsecurity/49738", "content": "\u203c CVE-2021-36568 \u203c\n\nIn certain Moodle products after creating a course, it is possible to add in a arbitrary \"Topic\" a resource, in this case a \"Database\" with the type \"Text\" where its values \"Field name\" and \"Field description\" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-14T02:25:41.000000Z"}, {"uuid": "798b859a-24e0-4b1e-88c8-288321f53d2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36560", "type": "seen", "source": "https://t.me/cibsecurity/31592", "content": "\u203c CVE-2021-36560 \u203c\n\nPhone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-02T13:23:29.000000Z"}, {"uuid": "faba6ee2-f1e5-4fd0-8d96-505da8a28e95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3656", "type": "seen", "source": "https://t.me/cibsecurity/38467", "content": "\u203c CVE-2021-3656 \u203c\n\nA flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"virt_ext\" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-04T22:27:10.000000Z"}, {"uuid": "ca1feed5-19a1-433e-9654-cbe953a081a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36564", "type": "seen", "source": "https://t.me/cibsecurity/33413", "content": "\u203c CVE-2021-36564 \u203c\n\nThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\\league\\flysystem-cached-adapter\\src\\Storage\\Adapter.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-07T00:22:33.000000Z"}, {"uuid": "9c17174a-8604-44af-9d6c-9019cc7e88b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36567", "type": "seen", "source": "https://t.me/cibsecurity/33414", "content": "\u203c CVE-2021-36567 \u203c\n\nThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\\Flysystem\\Cached\\Storage\\AbstractCache.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-07T00:22:35.000000Z"}, {"uuid": "5e9d01a7-d6a4-4507-870f-a1cd183de5ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36563", "type": "seen", "source": "https://t.me/cibsecurity/26506", "content": "\u203c CVE-2021-36563 \u203c\n\nThe CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts), the XSS payload will be triggered when the user accesses some specific sections of the application. In the same sense a very dangerous potential way would be when an attacker who has the monitor role (not administrator) manages to get a stored XSS to steal the secretAutomation (for the use of the API in administrator mode) and thus be able to create another administrator user who has high privileges on the CheckMK monitoring web console. Another way is that persistent XSS allows an attacker to modify the displayed content or change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-26T22:11:35.000000Z"}]}