{"vulnerability": "CVE-2023-4160", "sightings": [{"uuid": "4ac6d4ee-548d-4af4-8bbd-6ce77102005c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41603", "type": "seen", "source": "https://t.me/ctinow/174861", "content": "https://ift.tt/WcaKVDn\nCVE-2023-41603 | D-Link R15 prior 1.08.02 IPv6 access control", "creation_timestamp": "2024-01-28T08:56:21.000000Z"}, {"uuid": "d03fedee-fa30-484c-96e1-a8801c506b4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41609", "type": "seen", "source": "https://t.me/cibsecurity/70226", "content": "\u203c CVE-2023-41609 \u203c\n\nAn open redirect vulnerability in the sanitize_url() parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-11T22:27:50.000000Z"}, {"uuid": "2b05d9b4-17aa-413c-af95-15ed9bd6d0cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4160", "type": "seen", "source": "https://t.me/cibsecurity/69530", "content": "\u203c CVE-2023-4160 \u203c\n\nThe WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.90 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-31T12:13:09.000000Z"}, {"uuid": "3b204a1d-74dd-4d26-a686-0e858f4fc5c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41603", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18620", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-41603\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6.\n\ud83d\udccf Published: 2024-01-10T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-17T16:08:04.592Z\n\ud83d\udd17 References:\n1. https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10347", "creation_timestamp": "2025-06-17T16:41:14.000000Z"}, {"uuid": "06a31558-3006-4e89-af76-3a47eb29890d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41603", "type": "seen", "source": "https://t.me/ctinow/165649", "content": "https://ift.tt/p1BlIdn\nCVE-2023-41603", "creation_timestamp": "2024-01-10T09:26:38.000000Z"}]}