{"vulnerability": "CVE-2023-2708", "sightings": [{"uuid": "bb98ad0a-129a-40c2-9a0c-01bcdaf5cb67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27089", "type": "seen", "source": "Telegram/q-1gYqgXYCwFElNi8Z95xzNUn0JTqI-xp-_SWfXpCW8yBSpf", "content": "", "creation_timestamp": "2025-02-14T21:09:17.000000Z"}, {"uuid": "48fa62aa-7f0e-49e3-a38d-aa00b34d098f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27088", "type": "seen", "source": "Telegram/pqJihM4YfpvS-WqpGSGzUTtVZCjEOt6TkDjV-0o3CPBTHSiF", "content": "", "creation_timestamp": "2025-03-06T02:17:22.000000Z"}, {"uuid": "09ecb6d3-f26d-4db2-bcec-fda9179b676f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27084", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5602", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27084\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter.\n\ud83d\udccf Published: 2023-03-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-26T19:39:33.555Z\n\ud83d\udd17 References:\n1. https://gitee.com/isoftforce/dreamer_cms/issues/I6GCUN\n2. https://github.com/iteachyou-wjn/dreamer_cms/issues/9", "creation_timestamp": "2025-02-26T20:24:56.000000Z"}, {"uuid": "345e33d1-12ba-4039-8813-2afd2ad36263", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2708", "type": "seen", "source": "https://t.me/cibsecurity/64197", "content": "\u203c CVE-2023-2708 \u203c\n\nThe Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u00e2\u20ac\u02dcsearch_term\u00e2\u20ac\u2122 parameter in versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-16T07:30:04.000000Z"}, {"uuid": "9d1ef470-deb8-4186-b6d9-7bf1eee58a29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27087", "type": "seen", "source": "https://t.me/cibsecurity/60402", "content": "\u203c CVE-2023-27087 \u203c\n\nPermissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and v.2.3.1 allows attacker to obtain sensitive information via the pageList parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-21T21:35:02.000000Z"}, {"uuid": "60029b52-d512-49bf-a2a6-71d4d420a11e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27084", "type": "seen", "source": "https://t.me/cibsecurity/60106", "content": "\u203c CVE-2023-27084 \u203c\n\nPermissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-28T20:09:09.000000Z"}, {"uuid": "fab5116d-fc42-405e-b162-01584fef859d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27088", "type": "seen", "source": "https://t.me/cibsecurity/59676", "content": "\u203c CVE-2023-27088 \u203c\n\nfeiqu-opensource Background Vertical authorization vulnerability exists in IndexController.java. demo users with low permission can perform operations within the permission of the admin super administrator and can use this vulnerability to change the blacklist IP address in the system at will.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-08T19:23:08.000000Z"}, {"uuid": "92df7af4-21d9-45b2-8cd4-e57ae0bc0cd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27089", "type": "seen", "source": "https://t.me/cibsecurity/61419", "content": "\u203c CVE-2023-27089 \u203c\n\nCross Site Scripting vulnerability found in Ehuacui BBS allows attackers to cause a denial of service via a crafted payload in the login parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-05T02:59:35.000000Z"}]}