{"vulnerability": "CVE-2023-3515", "sightings": [{"uuid": "6566e0c7-5a4a-43bb-9712-b57ab672ab2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35150", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8928", "content": "#exploit\n1. CVE-2023-38389:\nWordpress JupiterX Core - Unauthenticated Account Takeover\nhttps://github.com/codeb0ss/CVE-2023-38389-PoC\n\n2. CVE-2023-35150:\nArbitrary Code Injection in XWiki*org XWiki\nhttps://www.zerodayinitiative.com/blog/2023/8/22/cve-2023-35150-arbitrary-code-injection-in-xwikiorg-xwiki", "creation_timestamp": "2023-08-28T11:01:00.000000Z"}, {"uuid": "fffc4628-a149-4ce3-9775-1c962ae95c90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3515", "type": "seen", "source": "https://t.me/cibsecurity/65977", "content": "\u203c CVE-2023-3515 \u203c\n\nOpen Redirect in GitHub repository go-gitea/gitea prior to 1.19.4.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-05T18:21:57.000000Z"}, {"uuid": "f2f7dec2-aed2-4a29-8c88-0501b02aea10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35159", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/65479", "content": "\u203c CVE-2023-35159 \u203c\n\nXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as: > xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 3.4-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-23T22:33:44.000000Z"}, {"uuid": "d1e4a6a1-32e4-49a4-a64c-e73303c6fa6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35151", "type": "seen", "source": "https://t.me/cibsecurity/65476", "content": "\u203c CVE-2023-35151 \u203c\n\nXWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-23T22:22:17.000000Z"}, {"uuid": "0970dc97-a7c6-46e2-bf96-c35b7e8d7485", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35150", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/950", "content": "https://www.zerodayinitiative.com/blog/2023/8/22/cve-2023-35150-arbitrary-code-injection-in-xwikiorg-xwiki\noday  cve 2023-35150", "creation_timestamp": "2023-08-28T05:23:38.000000Z"}]}