{"vulnerability": "CVE-2023-3419", "sightings": [{"uuid": "81fe373a-af7d-4c4f-8e8f-350de159d4e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2023-34192", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lj2xhe4gjk2b", "content": "", "creation_timestamp": "2025-02-26T08:28:13.197444Z"}, {"uuid": "579a5a83-3367-44fc-8338-d07becad40ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34192", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lj4blagfri2u", "content": "", "creation_timestamp": "2025-02-26T21:02:00.854405Z"}, {"uuid": "d7295670-dd9c-4176-8d79-1adf922fc6b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34192", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/3426238", "content": "", "creation_timestamp": "2025-02-25T17:52:14.208679Z"}, {"uuid": "55d17ba2-82a5-417a-995b-61620d9ff920", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34192", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-25T18:10:02.000000Z"}, {"uuid": "c812ea35-2860-4826-8129-4a1ee316659c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34192", "type": "seen", "source": "https://bsky.app/profile/aakl.bsky.social/post/3lizpq7bres2l", "content": "", "creation_timestamp": "2025-02-25T20:37:21.266422Z"}, {"uuid": "bd2e43a6-a145-40df-b85d-527320d4a27a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34192", "type": "seen", "source": "https://bsky.app/profile/aakl.bsky.social/post/3lizpq7cby22l", "content": "", "creation_timestamp": "2025-02-25T20:37:21.797067Z"}, {"uuid": "e72f436a-69d3-455b-a5a1-a954fddf0ce2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34192", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lizqofyap22p", "content": "", "creation_timestamp": "2025-02-25T20:54:14.084204Z"}, {"uuid": "5e3d72aa-4d50-4997-98c9-8ca3f7ae7af5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34192", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3lizxtkhe2r2l", "content": "", "creation_timestamp": "2025-02-25T23:02:22.551806Z"}, {"uuid": "f1d7ef53-412f-472e-a74a-b3bd57582a91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34192", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-03-06T04:40:21.000000Z"}, {"uuid": "168641df-0725-46d4-b42a-955fd1fee26a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34192", "type": "seen", "source": "https://bsky.app/profile/calebpr.bsky.social/post/3lj7lqwti7f2k", "content": "", "creation_timestamp": "2025-02-28T04:42:08.313570Z"}, {"uuid": "1ca1f950-8a86-497b-88cd-e7ba21eefa40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34192", "type": "seen", "source": "https://bsky.app/profile/andranglin.bsky.social/post/3lj2tqaeuqs2m", "content": "", "creation_timestamp": "2025-02-26T07:21:40.762660Z"}, {"uuid": "9e364cd7-e001-4de6-8e41-61a557766483", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34194", "type": "seen", "source": "https://t.me/ctinow/165672", "content": "https://ift.tt/Eo7KMhn\nCVE-2023-34194 | TinyXML up to 2.6.2 XML Document tinyxmlparser.cpp TiXmlDeclaration::Parse assertion (DLA 3701-1)", "creation_timestamp": "2024-01-10T10:11:44.000000Z"}, {"uuid": "ac6e99c8-fb8f-4c51-bcfe-a2c8aee210d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34198", "type": "seen", "source": "Telegram/rlbnNF-jij67DefhaWE2LbN5fl2EUUZ-rkEH-Fpnh2-vyvll", "content": "", "creation_timestamp": "2025-02-14T17:39:47.000000Z"}, {"uuid": "8e8cb3e5-e1e6-4f4a-8f75-ff0f94bdc422", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34192", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5328", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34192\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.\n\ud83d\udccf Published: 2023-07-06T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-25T15:54:54.597Z\n\ud83d\udd17 References:\n1. https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\n2. https://wiki.zimbra.com/wiki/Security_Center\n3. https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy", "creation_timestamp": "2025-02-25T16:23:14.000000Z"}, {"uuid": "b3699ea7-2a49-4f20-ad35-18126a13b558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34192", "type": "exploited", "source": "https://t.me/ctinow/124273", "content": "https://ift.tt/vR3rGKy\nCritical XSS vulnerability in Zimbra exploited in the wild (CVE-2023-34192)", "creation_timestamp": "2023-07-17T15:17:53.000000Z"}, {"uuid": "93e550a0-6c76-474a-b69c-a55b24ad5d10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34195", "type": "seen", "source": "https://t.me/cibsecurity/70649", "content": "\u203c CVE-2023-34195 \u203c\n\nAn issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This variable is wiped out by the same module near the end of the function. By setting this UEFI variable from the OS to point into custom code, an attacker could achieve arbitrary code execution in the DXE phase, before several chipset locks are set.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-18T16:42:01.000000Z"}, {"uuid": "4fbd1b28-f604-4126-b02f-7995ffbf24cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34192", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lj3aa5hyzl2l", "content": "", "creation_timestamp": "2025-02-26T11:05:15.009233Z"}, {"uuid": "82294f9d-30ac-4248-8ab9-f4315c25e18e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34192", "type": "seen", "source": "MISP/fc16b923-3a13-4e9d-9aac-10a57cac12c7", "content": "", "creation_timestamp": "2025-08-18T18:30:59.000000Z"}, {"uuid": "c22bf43c-8df3-4fd5-a0ec-d43e76c9ce08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-34192", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/224a28d7-5d4e-41b1-bad3-2f6cfbce6885", "content": "", "creation_timestamp": "2026-02-02T12:26:11.221831Z"}, {"uuid": "acf41733-7d8d-45af-92e1-72a71bf77ee7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34198", "type": "seen", "source": "Telegram/OkDlms33UEIZ4mXI76_sM7yIg36dSdvNu0XFVeydAx3n52O4", "content": "", "creation_timestamp": "2025-02-14T21:08:31.000000Z"}, {"uuid": "01ee9013-c5fd-4b34-81ed-7bbc4fc5e07c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3419", "type": "seen", "source": "https://t.me/CveExploits/18", "content": "\ud83d\udea8 CVE-2023-3419\nThe tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'couponId' parameter of the 'recreate_stripe_subscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "creation_timestamp": "2024-08-17T14:02:37.000000Z"}, {"uuid": "dbbb6ba4-6d19-43c8-95b5-a67ec17faa98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34192", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/843", "content": "CVE-2023-34192 : \u00a0Zimbra XSS To RCE\nhttps://mp.weixin.qq.com/s/Vz8yL4xBlZN5EQQ_BG0OOA", "creation_timestamp": "2023-08-20T14:30:22.000000Z"}, {"uuid": "aee77bef-5fe0-4f05-b43a-b1f6d773fc68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34197", "type": "seen", "source": "https://t.me/cibsecurity/66185", "content": "\u203c CVE-2023-34197 \u203c\n\nZoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-07T16:11:14.000000Z"}, {"uuid": "5a3ed946-a5d9-4723-a232-8e385bef1187", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34192", "type": "exploited", "source": "https://t.me/thehackernews/6399", "content": "\ud83d\udd10 CISA has just added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog\u2014both actively exploited.\n\nHook: Microsoft Partner Center\u2019s CVE-2024-49035 and Synacor ZCS\u2019s CVE-2023-34192 are putting organizations at risk.\n\nRead the full article: https://thehackernews.com/2025/02/cisa-adds-microsoft-and-zimbra-flaws-to.html", "creation_timestamp": "2025-02-26T05:35:01.000000Z"}, {"uuid": "28de1bf1-1dcf-41c7-a12d-0c1c61030892", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34192", "type": "exploited", "source": "https://t.me/CybNux/7679", "content": "\ud83d\udd10 \u0623\u0636\u0627\u0641\u062a CISA \u0644\u0644\u062a\u0648 \u062b\u063a\u0631\u062a\u064a\u0646 \u062e\u0637\u064a\u0631\u062a\u064a\u0646 \u0625\u0644\u0649 \u0643\u062a\u0627\u0644\u0648\u062c \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u063a\u0644\u0629 \u0627\u0644\u0645\u0639\u0631\u0648\u0641\u0629 (KEV) - \u0648\u0643\u0644\u0627\u0647\u0645\u0627 \u064a\u062a\u0645 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0645\u0627 \u0628\u0646\u0634\u0627\u0637.\n\n\u0627\u0644\u062e\u0637\u0627\u0641: \u0625\u0646 \u062b\u063a\u0631\u0629 CVE-2024-49035 \u0627\u0644\u062e\u0627\u0635\u0629 \u0628\u0645\u0631\u0643\u0632 \u0634\u0631\u0643\u0627\u0621 Microsoft \u0648CVE-2023-34192 \u0627\u0644\u062e\u0627\u0635\u0629 \u0628\u0640 Synacor ZCS \u062a\u0639\u0631\u0636 \u0627\u0644\u0645\u0624\u0633\u0633\u0627\u062a \u0644\u0644\u062e\u0637\u0631.\n\n#\u0623\u062e\u0628\u0627\u0631", "creation_timestamp": "2025-02-26T16:28:27.000000Z"}, {"uuid": "e5a0d6e7-0aa0-4cfd-a9bf-c80dd4838b0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34193", "type": "seen", "source": "https://t.me/cibsecurity/66140", "content": "\u203c CVE-2023-34193 \u203c\n\nFile Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-08T11:08:13.000000Z"}, {"uuid": "5004934c-508a-4276-9952-3afd331a54e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34192", "type": "seen", "source": "https://t.me/cibsecurity/66147", "content": "\u203c CVE-2023-34192 \u203c\n\nCross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-06T20:20:39.000000Z"}]}