{"vulnerability": "CVE-2023-2476", "sightings": [{"uuid": "7468272f-a01f-4db1-b88f-59afa1e7c824", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24760", "type": "seen", "source": "https://t.me/cibsecurity/60104", "content": "\u203c CVE-2023-24760 \u203c\n\nAn issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-21T16:51:47.000000Z"}, {"uuid": "835424a4-a33f-4245-8cde-b905f6c7af66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24763", "type": "seen", "source": "Telegram/9q0Qz_9kM-v5IwTOJUuZOAlNifuOV9creN62k76ogbfK_EJ-", "content": "", "creation_timestamp": "2025-03-08T04:35:51.000000Z"}, {"uuid": "e5074a0f-4afc-4e8d-b2e7-4acf77263693", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2476", "type": "seen", "source": "https://t.me/cibsecurity/63160", "content": "\u203c CVE-2023-2476 \u203c\n\nA vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument ????/???? leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-227868.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-02T18:30:09.000000Z"}, {"uuid": "0c83f8fe-6217-4daa-8984-abff211ed077", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24762", "type": "seen", "source": "https://t.me/cibsecurity/59900", "content": "\u203c CVE-2023-24762 \u203c\n\nOS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress parameter for the SetVirtualServerSettings to HNAP1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-13T17:23:27.000000Z"}, {"uuid": "858e2bce-51f6-4fe0-b1f9-6cb23d1c49de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24763", "type": "seen", "source": "https://t.me/cibsecurity/59503", "content": "\u203c CVE-2023-24763 \u203c\n\nIn the module \"Xen Forum\" (xenforum) for PrestaShop, an authenticated user can perform SQL injection in versions up to 2.13.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-06T22:13:02.000000Z"}]}