{"vulnerability": "CVE-2023-3154", "sightings": [{"uuid": "f161c103-8023-4120-b7ed-548090484811", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31546", "type": "seen", "source": "https://t.me/ctinow/156180", "content": "https://ift.tt/k1LiN02\nCVE-2023-31546 Exploit", "creation_timestamp": "2023-12-18T23:17:47.000000Z"}, {"uuid": "73127727-86b9-403c-9291-62d3e1e2f230", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31544", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2795", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-31544\n\ud83d\udd39 Description: A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.\n\ud83d\udccf Published: 2023-05-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-01-23T17:11:36.047Z\n\ud83d\udd17 References:\n1. https://github.com/alkacon/opencms-core/issues/652\n2. https://github.com/alkacon/opencms-core/commit/21bfbeaf6b038e2c03bb421ce7f0933dd7a7633e", "creation_timestamp": "2025-01-23T18:03:34.000000Z"}, {"uuid": "00552789-0bed-4e54-b658-85cd5c11a7ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31543", "type": "seen", "source": "https://t.me/cibsecurity/65825", "content": "\u203c CVE-2023-31543 \u203c\n\nA dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-01T01:42:09.000000Z"}, {"uuid": "d027fa01-bed0-49f0-92ae-c6a4f2c60d3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31541", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/808", "content": "CVE-2023-31541 : CKEditor plugin v1.2.3 - Arbitrary file upload\nVerified : \u2714\ufe0f\nPOC : https://github.com/DreamD2v/CVE-2023-31541/blob/main/CVE-2023-31541.md", "creation_timestamp": "2023-08-10T14:30:31.000000Z"}, {"uuid": "515f374d-8ae8-448b-aab4-e000a17222db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31546", "type": "seen", "source": "https://t.me/ctinow/165936", "content": "https://ift.tt/soPqIwy\nCVE-2023-31546 | DedeBIZ 6.0.3 Search Box keyword cross site scripting", "creation_timestamp": "2024-01-10T16:41:54.000000Z"}, {"uuid": "fbd4c071-a91f-450a-8713-19920a1f27e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31546", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9579", "content": "#exploit\n1. CVE-2023-50164:\nApache Struts2 Exploit\nhttps://xz.aliyun.com/t/13172\n\n2. CVE-2023-31546:\nDedeBIZ v6.0.3 XSS vulnerability\nhttps://github.com/ran9ege/CVE-2023-31546/blob/main/CVE-2023-31546.md\n\n3. Exploits with pwntools library in Python3. ROP, BOF, SHELLCODE\nhttps://github.com/davidenetti/SoftwareSecurityNotes", "creation_timestamp": "2023-12-13T15:20:17.000000Z"}, {"uuid": "7ad741bb-e12e-44dc-a471-0408612fa7ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31541", "type": "published-proof-of-concept", "source": "https://t.me/HackerOne/3515", "content": "A unrestricted file upload vulnerability was discovered in the \u2018Browse and upload images\u2019 feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.\n\nhttps://github.com/DreamD2v/CVE-2023-31541/blob/main/CVE-2023-31541.md", "creation_timestamp": "2023-06-27T16:22:20.000000Z"}, {"uuid": "e75faa05-f5d8-4fe5-a06d-655674bd307d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31544", "type": "seen", "source": "https://t.me/cibsecurity/64269", "content": "\u203c CVE-2023-31544 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-17T00:32:36.000000Z"}, {"uuid": "6907f80d-b048-4126-96da-dca9f12e5d59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31546", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2260", "content": "#exploit\n1. CVE-2023-50164:\nApache Struts2 Exploit\nhttps://xz.aliyun.com/t/13172\n\n2. CVE-2023-31546:\nDedeBIZ v6.0.3 XSS vulnerability\nhttps://github.com/ran9ege/CVE-2023-31546/blob/main/CVE-2023-31546.md\n\n3. Exploits with pwntools library in Python3. ROP, BOF, SHELLCODE\nhttps://github.com/davidenetti/SoftwareSecurityNotes", "creation_timestamp": "2024-08-16T08:56:12.000000Z"}]}