{"vulnerability": "CVE-2023-3070", "sightings": [{"uuid": "5a71b106-2050-4759-8023-9046adaea527", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3070", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/823", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-3070\n\ud83d\udd39 Description: Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.\n\ud83d\udccf Published: 2023-06-02T00:00:00\n\ud83d\udccf Modified: 2025-01-08T19:44:43.226Z\n\ud83d\udd17 References:\n1. https://huntr.dev/bounties/e193068e-0b95-403a-8453-e015241b8f1b\n2. https://github.com/tsolucio/corebos/commit/b3a7a26c60117d7859b8d77b57fd5771a038c93a", "creation_timestamp": "2025-01-08T20:14:45.000000Z"}, {"uuid": "da031fea-3664-405c-a211-2b8b6dd9d282", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30709", "type": "seen", "source": "https://t.me/cibsecurity/69943", "content": "\u203c CVE-2023-30709 \u203c\n\nImproper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers launch activity with system privilege.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-06T07:30:53.000000Z"}, {"uuid": "dad0010c-5061-4766-af26-a955d34be0e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30708", "type": "seen", "source": "https://t.me/cibsecurity/69952", "content": "\u203c CVE-2023-30708 \u203c\n\nImproper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-06T07:33:38.000000Z"}, {"uuid": "69b07bbb-c45c-447b-b6b7-341754349f66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30700", "type": "seen", "source": "https://t.me/cibsecurity/68169", "content": "\u203c CVE-2023-30700 \u203c\n\nPendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-10T07:31:37.000000Z"}, {"uuid": "1390c505-541b-48ba-aa67-23b1917a9c8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30703", "type": "seen", "source": "https://t.me/cibsecurity/68165", "content": "\u203c CVE-2023-30703 \u203c\n\nImproper URL validation vulnerability in Samsung Members prior to version 14.0.07.1 allows attackers to access sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-10T07:28:54.000000Z"}, {"uuid": "93b4ef1f-b714-46c5-8e6d-8a87e076cdb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30702", "type": "seen", "source": "https://t.me/cibsecurity/68162", "content": "\u203c CVE-2023-30702 \u203c\n\nStack overflow vulnerability in SSHDCPAPP TA prior to &quot;SAMSUNG ELECTONICS, CO, LTD. - System Hardware Update - 7/13/2023&quot; in Windows Update for Galaxy book Go, Galaxy book Go 5G, Galaxy book2 Go and Galaxy book2 Pro 360 allows local attacker to execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-10T07:28:51.000000Z"}, {"uuid": "23aad81c-740c-4668-9226-c8ffcad4553f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30705", "type": "seen", "source": "https://t.me/cibsecurity/68161", "content": "\u203c CVE-2023-30705 \u203c\n\nImproper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6?allows local attackers to access privileged content providers as Galaxy Store permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-10T07:28:47.000000Z"}, {"uuid": "9b2d7463-4204-46d2-8aff-b54e9c2f63f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30701", "type": "seen", "source": "https://t.me/cibsecurity/68158", "content": "\u203c CVE-2023-30701 \u203c\n\nPendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows local attacker to arbitrary file access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-10T07:28:44.000000Z"}, {"uuid": "7c52b415-7af5-460c-bf9f-fc9c4534dade", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30704", "type": "seen", "source": "https://t.me/cibsecurity/68146", "content": "\u203c CVE-2023-30704 \u203c\n\nImproper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-10T07:25:35.000000Z"}, {"uuid": "5c59bc29-4951-4bbc-8be2-7390f991bbd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3070", "type": "seen", "source": "https://t.me/cibsecurity/64927", "content": "\u203c CVE-2023-3070 \u203c\n\nCross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-02T20:39:42.000000Z"}]}