{"vulnerability": "CVE-2021-4315", "sightings": [{"uuid": "8dafd29e-f0d5-470f-8129-c9e3c1b33250", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43154", "type": "seen", "source": "https://t.me/cibsecurity/40746", "content": "\u203c CVE-2021-43154 \u203c\n\nCross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-14T02:18:18.000000Z"}, {"uuid": "1d0ebc73-d4ba-4de0-a8d0-1db550907110", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4315", "type": "seen", "source": "https://t.me/cibsecurity/57132", "content": "\u203c CVE-2021-4315 \u203c\n\nA vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elements used in a template engine. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.1 is able to address this issue. The name of the patch is 47787e15cecd66f2aa87687bf852ae0194a4335f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-219676.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-29T13:02:17.000000Z"}, {"uuid": "53f2accc-5447-45d3-8cbb-4267ffb66dc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43156", "type": "seen", "source": "https://t.me/cibsecurity/34514", "content": "\u203c CVE-2021-43156 \u203c\n\nIn ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-22T20:18:37.000000Z"}, {"uuid": "f3b87243-1039-4537-9065-3e6891a49536", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43157", "type": "seen", "source": "https://t.me/cibsecurity/34524", "content": "\u203c CVE-2021-43157 \u203c\n\nProjectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-22T20:19:03.000000Z"}, {"uuid": "94c2f518-6dd6-44d2-b0a5-f91ecbe219f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43158", "type": "seen", "source": "https://t.me/cibsecurity/34515", "content": "\u203c CVE-2021-43158 \u203c\n\nIn ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-22T20:18:39.000000Z"}, {"uuid": "d07a942c-23ed-491f-b419-31d1f5b425fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43155", "type": "seen", "source": "https://t.me/cibsecurity/34518", "content": "\u203c CVE-2021-43155 \u203c\n\nProjectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the \"bookisbn\" parameter in cart.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-22T20:18:47.000000Z"}]}