{"vulnerability": "CVE-2023-2423", "sightings": [{"uuid": "f64dd1fe-8e47-4338-b343-46558973951b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24232", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8499", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24232\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.\n\ud83d\udccf Published: 2023-02-10T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-24T17:59:16.699Z\n\ud83d\udd17 References:\n1. https://github.com/stemword/php-inventory-management-system\n2. https://medium.com/%400x2bit/inventory-management-system-multiple-stored-xss-vulnerability-b296365065b", "creation_timestamp": "2025-03-24T18:23:10.000000Z"}, {"uuid": "ce15d06f-96d1-434e-961a-21da77c72d1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24238", "type": "seen", "source": "https://t.me/cibsecurity/58322", "content": "\u203c CVE-2023-24238 \u203c\n\nTOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-16T18:12:27.000000Z"}, {"uuid": "dd4e398a-93e8-44d9-a364-31aaa8e3d933", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24230", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8493", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24230\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter.\n\ud83d\udccf Published: 2023-02-10T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-24T18:02:50.443Z\n\ud83d\udd17 References:\n1. https://medium.com/%400x2bit/formwork-1-12-1-stored-xss-vulnerability-at-page-title-b6efba27891a\n2. https://github.com/getformwork/formwork/releases/tag/1.12.1", "creation_timestamp": "2025-03-24T18:23:01.000000Z"}, {"uuid": "2c4ff776-9c5b-424d-a4c2-c279545f9099", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24231", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8495", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24231\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/categories.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Categories Name parameter.\n\ud83d\udccf Published: 2023-02-10T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-24T18:00:56.546Z\n\ud83d\udd17 References:\n1. https://github.com/stemword/php-inventory-management-system\n2. https://medium.com/%400x2bit/inventory-management-system-multiple-stored-xss-vulnerability-b296365065b", "creation_timestamp": "2025-03-24T18:23:03.000000Z"}, {"uuid": "679ed0ef-c237-4856-b92c-a86572dde549", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24233", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8501", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24233\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter.\n\ud83d\udccf Published: 2023-02-10T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-24T17:57:45.345Z\n\ud83d\udd17 References:\n1. https://github.com/stemword/php-inventory-management-system\n2. https://medium.com/%400x2bit/inventory-management-system-multiple-stored-xss-vulnerability-b296365065b", "creation_timestamp": "2025-03-24T18:23:12.000000Z"}, {"uuid": "ce1b5c2f-3872-4324-a0ad-a6e2586ec1f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2423", "type": "seen", "source": "https://t.me/cibsecurity/67992", "content": "\u203c CVE-2023-2423 \u203c\n\nA vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. If exploited, the product would stop normal operations and self-reset creating a denial-of-service condition. The error code would need to be cleared prior to resuming normal operations.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T18:14:06.000000Z"}, {"uuid": "1c98fe5e-394f-4531-965e-a1cedcde7269", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24236", "type": "seen", "source": "https://t.me/cibsecurity/58318", "content": "\u203c CVE-2023-24236 \u203c\n\nTOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-16T18:12:23.000000Z"}, {"uuid": "a2fb0b54-eb46-4214-a690-594e4cc96f82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24232", "type": "seen", "source": "https://t.me/cibsecurity/57921", "content": "\u203c CVE-2023-24232 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-10T18:40:53.000000Z"}, {"uuid": "573a0efd-f1d2-4693-95d0-dfd23cd03006", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24233", "type": "seen", "source": "https://t.me/cibsecurity/57920", "content": "\u203c CVE-2023-24233 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-10T18:40:52.000000Z"}, {"uuid": "629e59bf-5706-4584-9363-6d95fb505b56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24234", "type": "seen", "source": "https://t.me/cibsecurity/57919", "content": "\u203c CVE-2023-24234 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-10T18:40:52.000000Z"}, {"uuid": "5856f180-32f2-4cc0-839e-11e51069c5f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24231", "type": "seen", "source": "https://t.me/cibsecurity/57918", "content": "\u203c CVE-2023-24231 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/categories.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Categories Name parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-10T18:40:48.000000Z"}, {"uuid": "9f1f610c-2e50-441b-bbfa-1be10baa11a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24230", "type": "seen", "source": "https://t.me/cibsecurity/57911", "content": "\u203c CVE-2023-24230 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-10T18:37:42.000000Z"}]}