{"vulnerability": "CVE-2023-2307", "sightings": [{"uuid": "5ac78c6f-9a13-4c09-9b6d-5fbb6b0394d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23078", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9099", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-23078\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.\n\ud83d\udccf Published: 2023-02-01T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-27T14:19:08.435Z\n\ud83d\udd17 References:\n1. https://bugbounty.zohocorp.com/bb/#/bug/101000006458675?tab=originator\n2. https://www.manageengine.com/products/service-desk/CVE-2023-23078.html", "creation_timestamp": "2025-03-27T14:27:38.000000Z"}, {"uuid": "313546b2-83c3-4728-aaab-68dd6e387aef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2307", "type": "seen", "source": "https://t.me/cibsecurity/62911", "content": "\u203c CVE-2023-2307 \u203c\n\nCross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-26T20:25:54.000000Z"}, {"uuid": "fdc255f9-8f38-4da4-8caa-d2f935019597", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23078", "type": "seen", "source": "https://t.me/cibsecurity/57340", "content": "\u203c CVE-2023-23078 \u203c\n\nCross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T22:14:12.000000Z"}, {"uuid": "9e8c2ff6-bb57-4a8f-8efd-bbe11d3a5c40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23076", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9090", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-23076\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules.\n\ud83d\udccf Published: 2023-02-01T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-27T14:22:23.157Z\n\ud83d\udd17 References:\n1. https://bugbounty.zohocorp.com/bb/#/bug/101000006459751?tab=originator\n2. https://www.manageengine.com/products/support-center/CVE-2023-23076.html", "creation_timestamp": "2025-03-27T14:27:24.000000Z"}, {"uuid": "614a0b06-68dc-4c54-a0fe-a93fad109986", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23077", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9096", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-23077\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.\n\ud83d\udccf Published: 2023-02-01T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-27T14:20:01.439Z\n\ud83d\udd17 References:\n1. https://bugbounty.zohocorp.com/bb/#/bug/101000006387693?tab=originator\n2. https://www.manageengine.com/products/service-desk/CVE-2023-23077.html", "creation_timestamp": "2025-03-27T14:27:33.000000Z"}, {"uuid": "a696a72b-39f2-4cee-99e7-cb743ca89e59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23077", "type": "seen", "source": "https://t.me/cibsecurity/57345", "content": "\u203c CVE-2023-23077 \u203c\n\nCross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T22:14:20.000000Z"}, {"uuid": "5f1dadfc-8000-484d-83ed-c6bb1176f165", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23076", "type": "seen", "source": "https://t.me/cibsecurity/57344", "content": "\u203c CVE-2023-23076 \u203c\n\nOS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T22:14:16.000000Z"}, {"uuid": "a3893eef-70d7-4081-b9d2-38102233550f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23074", "type": "seen", "source": "https://t.me/cibsecurity/57343", "content": "\u203c CVE-2023-23074 \u203c\n\nCross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T22:14:15.000000Z"}, {"uuid": "6ea76fe9-82b6-41e5-a048-3d994989e0bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23075", "type": "seen", "source": "https://t.me/cibsecurity/57352", "content": "\u203c CVE-2023-23075 \u203c\n\nCross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T22:14:30.000000Z"}, {"uuid": "2e6e1c1d-7ca6-43d1-a739-ee05eaf884e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23073", "type": "seen", "source": "https://t.me/cibsecurity/57349", "content": "\u203c CVE-2023-23073 \u203c\n\nCross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T22:14:24.000000Z"}]}