{"vulnerability": "CVE-2021-3682", "sightings": [{"uuid": "7dfa72b1-3744-4bd3-acb4-81c404926016", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36821", "type": "seen", "source": "https://t.me/cibsecurity/60142", "content": "\u203c CVE-2021-36821 \u203c\n\nUnauth. Stored Cross-Site Scripting (XSS) vulnerability in WPMU DEV Forminator \u00e2\u20ac\u201c Contact Form, Payment Form & Custom Form Builder plugin <= 1.14.11 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-16T17:30:46.000000Z"}, {"uuid": "809bc49f-b567-4a71-8df6-20140900f28e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36828", "type": "seen", "source": "https://t.me/cibsecurity/40883", "content": "\u203c CVE-2021-36828 \u203c\n\nAuthenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance (WordPress plugin) <= 6.0.4 affects multiple inputs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-15T20:20:20.000000Z"}, {"uuid": "2166f846-c4ec-41d2-8f6b-151bcdbe07e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36823", "type": "seen", "source": "https://t.me/cibsecurity/29328", "content": "\u203c CVE-2021-36823 \u203c\n\nAuthenticated Stored Cross-Site Scripting (XSS) vulnerability in WordPress Absolutely Glamorous Custom Admin plugin (versions <= 6.8). Stored XSS possible via unsanitized input fields of the plugin settings, some of the payloads could make the frontend and the backend inaccessible.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-23T20:30:01.000000Z"}, {"uuid": "a4f0531e-9d01-47a5-8f4e-b6ae7dc78252", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3682", "type": "seen", "source": "https://t.me/cibsecurity/26908", "content": "\u203c CVE-2021-3682 \u203c\n\nA flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-06T00:31:54.000000Z"}]}