{"vulnerability": "CVE-2023-6148", "sightings": [{"uuid": "91d02aa2-af31-4ac9-b6b0-9b28204e0863", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6148", "type": "seen", "source": "https://t.me/ctinow/174049", "content": "https://ift.tt/lcmpA3r\nCVE-2023-6148 | Qualys Policy Compliance Connector Plugin up to 1.0.5 on Jenkins cross site scripting", "creation_timestamp": "2024-01-26T08:36:18.000000Z"}, {"uuid": "470040cd-e781-4290-9647-0f19424df4d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6148", "type": "seen", "source": "https://t.me/arpsyndicate/3060", "content": "#ExploitObserverAlert\n\nCVE-2023-6148\n\nDESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2023-6148. Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rouge endpoint via which\u00a0it was possible to control response for certain request which could be injected with XSS payloads leading to XSS\u00a0while processing the response data\n\nFIRST-EPSS: 0.000450000\nNVD-IS: 2.7\nNVD-ES: 2.3", "creation_timestamp": "2024-01-26T20:26:54.000000Z"}, {"uuid": "42022029-cc60-403b-8630-4124cc596cff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6148", "type": "seen", "source": "https://t.me/ctinow/164913", "content": "https://ift.tt/56Qngzo\nCVE-2023-6148", "creation_timestamp": "2024-01-09T10:26:23.000000Z"}]}