{"vulnerability": "CVE-2023-2468", "sightings": [{"uuid": "da82472a-da7f-4a73-99ac-a957247eeca0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24689", "type": "seen", "source": "https://t.me/cibsecurity/57874", "content": "\u203c CVE-2023-24689 \u203c\n\nAn issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the \"s\" parameter in /DesignTools/ManageSkin.aspx\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-09T22:26:28.000000Z"}, {"uuid": "b8a5ebc7-3150-4411-b480-d73b40e4c1fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24688", "type": "seen", "source": "https://t.me/cibsecurity/57875", "content": "\u203c CVE-2023-24688 \u203c\n\nAn issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-09T22:26:29.000000Z"}, {"uuid": "de034348-4e4d-4047-b173-28a5f08ad40a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2468", "type": "seen", "source": "https://t.me/cibsecurity/63200", "content": "\u203c CVE-2023-2468 \u203c\n\nInappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-03T07:30:51.000000Z"}, {"uuid": "53c07a3a-6cad-4817-92ae-36ece7f60947", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24684", "type": "seen", "source": "https://t.me/cibsecurity/57898", "content": "\u203c CVE-2023-24684 \u203c\n\nChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-10T16:57:41.000000Z"}, {"uuid": "bf747e7b-7db6-4c9e-b122-0ee2e401fdd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24687", "type": "seen", "source": "https://t.me/cibsecurity/57867", "content": "\u203c CVE-2023-24687 \u203c\n\nMojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-09T22:26:21.000000Z"}]}