{"vulnerability": "CVE-2023-3170", "sightings": [{"uuid": "749f7bf0-cf2f-43b7-838e-c5a2fcf265c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31705", "type": "seen", "source": "https://t.me/cibsecurity/66674", "content": "\u203c CVE-2023-31705 \u203c\n\nA Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester Task Reminder System 1.0 allows an authenticated user to inject malicious javascript into the page parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-13T18:11:53.000000Z"}, {"uuid": "488852b0-0065-4081-b5c1-79db03ffee5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31700", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2607", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-31700\n\ud83d\udd39 Description: TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd.\n\ud83d\udccf Published: 2023-05-17T00:00:00\n\ud83d\udccf Modified: 2025-01-22T17:20:11.002Z\n\ud83d\udd17 References:\n1. https://github.com/FirmRec/IoT-Vulns/blob/main/tp-link/postPlcJson/report.md", "creation_timestamp": "2025-01-22T18:02:40.000000Z"}, {"uuid": "599a8cb5-2c93-45aa-a343-093963c05c05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31701", "type": "seen", "source": "https://t.me/arpsyndicate/2387", "content": "#ExploitObserverAlert\n\nCVE-2023-31701\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-31701. TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove.\n\nFIRST-EPSS: 0.001300000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2024-01-04T00:04:07.000000Z"}, {"uuid": "8035c0cd-1703-4967-ad95-3149dd3f2418", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31703", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3011", "content": "Tools - Hackers Factory \n\nFresh Resolvers\n\nUses DNS Validator to generate a list of fresh working DNS resolvers every day.\n\nhttps://github.com/Findomain/fresh-resolvers\n\n#infosec #pentesting #bugbounty\n\nPublications\n\nA home for publications, including slides/papers, proof-of-concepts, videos and tools.\n\nhttps://github.com/elttam/publications\n\n#cybersecurity #infosec\n\nCVE-2023-32243\n\nEssential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation. The plugin does not validate the password reset key, which could allow unauthenticated attackers to reset arbitrary account's password to anything they want, by knowing the related email or username, gaining access to them.\n\nhttps://github.com/RandomRobbieBF/CVE-2023-32243\n\n#cve #cybersecurity #infosec\n\nCVE-2023-31703\n\nCross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter in the URL directly.\n\nhttps://github.com/sahiloj/CVE-2023-31703\n\n#cve #cybersecurity #infosec\n\nhacking-books\n\nhttps://github.com/tanc7/hacking-books\n\n#cybersecurity #infosec\n\nDiscord-Recon\n\nDiscord bot created to automate bug bounty recon, automated scans and information gathering via a #discord server.\n\nhttps://github.com/DEMON1A/Discord-Recon\n\n#OSINT #recon #infosec\n\nhackthebox\n\nNotes Taken for HTB Machines & InfoSec Community.\n\nhttps://github.com/dhaneshsivasamy07/hackthebox\n\n#cybersecurity #infosec\n\nAuditor Roadmap\n\nAn open source repository, dedicated towards creating a journal of free materials for learning smart contract development & auditing.\n\nhttps://github.com/contractcops/auditingroadmap\n\n#cybersecurity #infosec #pentesting\n\nPassMute\n\nA multi featured Password Transmutation/Mutator Tool.\n\nhttps://github.com/HITH-Hackerinthehouse/PassMute\n\n#infosec #pentesting #redteam\n\nInfosec Streams List\n\nA (hopefully) actively maintained activity-based-autosorted list of InfoSec Streamers.\n\nhttps://github.com/infosecstreams/infosecstreams.github.io\n\nWeb:\nhttps://infosecstreams.com/\n\n#cybersecurity #infosec #pentesting\n\nWiFi Exploitation Framework\n\nA fully offensive framework to the 802.11 networks and protocols with different types of attacks for WPA/WPA2 and WEP, automated hash cracking, and much more.\n\nhttps://github.com/D3Ext/WEF\n\n#infosec #pentesting #redteam\n\nDed Security Framework\n\nA tool aimed at security professionals.\n\nhttps://github.com/dedsecurity/dedsecurity-framework\n\n#infosec #pentesting #redteam\n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-05-18T16:35:04.000000Z"}, {"uuid": "94b872a1-afdc-4d81-bc7f-c4b590770e67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31704", "type": "seen", "source": "https://t.me/cibsecurity/66667", "content": "\u203c CVE-2023-31704 \u203c\n\nSourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-13T18:11:43.000000Z"}, {"uuid": "962fe960-fe6d-4919-b813-abe60811197d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31701", "type": "seen", "source": "https://t.me/cibsecurity/64328", "content": "\u203c CVE-2023-31701 \u203c\n\nTP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-17T18:44:56.000000Z"}, {"uuid": "0baf93bf-b40f-4c0b-afc5-6f60bdf69ab6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31700", "type": "seen", "source": "https://t.me/cibsecurity/64324", "content": "\u203c CVE-2023-31700 \u203c\n\nTP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-17T18:41:52.000000Z"}, {"uuid": "dec2c24e-62fe-47ae-b3d5-b263e08cd34a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31703", "type": "seen", "source": "https://t.me/cibsecurity/64314", "content": "\u203c CVE-2023-31703 \u203c\n\nCross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-17T16:31:15.000000Z"}, {"uuid": "abca36b8-0d92-4037-8607-a56816de0539", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31702", "type": "seen", "source": "https://t.me/cibsecurity/64311", "content": "\u203c CVE-2023-31702 \u203c\n\nSQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-20T20:12:45.000000Z"}, {"uuid": "72aea1d2-0d73-4c32-b97f-4ad8f22cb0b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31702", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8320", "content": "#exploit\n1. CVE-2023-31702 / CVE-2023-31703:\neScan Management Console 14.0.x - Cross Site Scripting/SQL Injection\nhttps://github.com/sahiloj/CVE-2023-31703\n\n2. CVE-2023-32243:\nEssential Addons for Elementor - Unauth Privilege Escalation\nhttps://github.com/RandomRobbieBF/CVE-2023-32243", "creation_timestamp": "2023-05-18T18:40:32.000000Z"}, {"uuid": "01eeaf0d-a835-4208-bc90-0daf2c273474", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31703", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8320", "content": "#exploit\n1. CVE-2023-31702 / CVE-2023-31703:\neScan Management Console 14.0.x - Cross Site Scripting/SQL Injection\nhttps://github.com/sahiloj/CVE-2023-31703\n\n2. CVE-2023-32243:\nEssential Addons for Elementor - Unauth Privilege Escalation\nhttps://github.com/RandomRobbieBF/CVE-2023-32243", "creation_timestamp": "2023-05-18T18:40:32.000000Z"}]}