{"vulnerability": "CVE-2023-2332", "sightings": [{"uuid": "6bdf965f-34f1-4c61-9a4c-b373d5589bb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23326", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5769", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-23326\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administrator's session cookie and hijacking their session.\n\ud83d\udccf Published: 2023-03-10T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-27T18:53:45.874Z\n\ud83d\udd17 References:\n1. http://avantfax.com\n2. https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md", "creation_timestamp": "2025-02-27T19:26:13.000000Z"}, {"uuid": "3fc4739b-07dd-40c0-8dcc-bad2ab58b96f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23328", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6427", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-23328\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.\n\ud83d\udccf Published: 2023-03-10T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-04T21:24:50.628Z\n\ud83d\udd17 References:\n1. http://avantfax.com\n2. https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md", "creation_timestamp": "2025-03-04T21:35:33.000000Z"}, {"uuid": "20fe5c6e-1437-4388-9912-0e126231844a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23327", "type": "seen", "source": "Telegram/7Ey-gW9GzSfHbWACKWdO1xREYWnRCQ7bFkXiQfcAdOWfJB1B", "content": "", "creation_timestamp": "2025-03-06T02:16:32.000000Z"}, {"uuid": "a662718c-1047-4923-a496-ddf61706befe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23326", "type": "seen", "source": "Telegram/8lcroUBd7ttW_c5Lb24K3ExcwZdJ09KJ90j2PHqq0srCUB1M", "content": "", "creation_timestamp": "2025-03-02T11:44:19.000000Z"}, {"uuid": "693036f3-f5b4-49c1-987e-9a556db88347", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23324", "type": "seen", "source": "https://t.me/ctinow/156817", "content": "https://ift.tt/9DyitUp\nCVE-2023-23324 | Zumtobel Netlink CCD Onboard up to 3.80 hard-coded credentials", "creation_timestamp": "2023-12-20T09:12:08.000000Z"}, {"uuid": "ccad219a-24ac-465d-83a0-b57e0c064b72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23325", "type": "seen", "source": "https://t.me/ctinow/156815", "content": "https://ift.tt/1ogikTq\nCVE-2023-23325 | Zumtobel Netlink CCD Onboard up to 3.80 NetHostname command injection", "creation_timestamp": "2023-12-20T09:12:06.000000Z"}, {"uuid": "39bed1b4-61ce-47b0-a265-d8afd137ef22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2332", "type": "seen", "source": "https://t.me/cvedetector/11063", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-2332 - \"Pimcore Stored XSS in Pricing Rules Conditions\"\", \n  \"Content\": \"CVE ID : CVE-2023-2332 \nPublished : Nov. 15, 2024, 11:15 a.m. | 36\u00a0minutes ago \nDescription : A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser, potentially stealing cookies or redirecting users to malicious sites. The issue is fixed in version 10.5.21. \nSeverity: 4.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T13:15:37.000000Z"}, {"uuid": "6c72e3a7-24e0-4128-9a4d-96de3ce9f129", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23328", "type": "seen", "source": "https://t.me/cibsecurity/59854", "content": "\u203c CVE-2023-23328 \u203c\n\nA File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-11T00:27:32.000000Z"}]}