{"vulnerability": "CVE-2023-2534", "sightings": [{"uuid": "c0d9eec9-6a5b-42c0-9f08-80848eba745b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25345", "type": "seen", "source": "Telegram/CopAiHW7avCMiVC8fy29KZKS7PHz_KM4on3a70bUNMYN7y3n", "content": "", "creation_timestamp": "2025-03-02T11:44:19.000000Z"}, {"uuid": "e2265cec-3806-40b2-8d05-ebcf4dd21cc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25347", "type": "seen", "source": "https://t.me/cibsecurity/62800", "content": "\u203c CVE-2023-25347 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, allows remote attackers to inject arbitrary web script or HTML via input fields. These input fields are located in the \"Title\" Input Field in EventEditor.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-25T16:25:15.000000Z"}, {"uuid": "6bb32be3-351a-4238-bf06-f93c54273289", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25346", "type": "seen", "source": "https://t.me/cibsecurity/62792", "content": "\u203c CVE-2023-25346 \u203c\n\nA reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-25T16:25:07.000000Z"}, {"uuid": "6aa89ff8-f8fc-42c3-abe8-1e2e829cfa57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25348", "type": "seen", "source": "https://t.me/cibsecurity/62791", "content": "\u203c CVE-2023-25348 \u203c\n\nChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-25T16:25:06.000000Z"}, {"uuid": "cc504a51-ccaa-4c75-9acf-f87055ca42e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25345", "type": "seen", "source": "https://t.me/cibsecurity/60087", "content": "\u203c CVE-2023-25345 \u203c\n\nDirectory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to read arbitrary files via the include or extends tags.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T23:30:05.000000Z"}, {"uuid": "f5348805-c9a1-46c0-bb26-f0acce64484d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25344", "type": "seen", "source": "https://t.me/cibsecurity/60093", "content": "\u203c CVE-2023-25344 \u203c\n\nAn issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to execute arbitrary code via crafted Object.prototype anonymous function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T23:30:14.000000Z"}]}