{"vulnerability": "CVE-2023-6710", "sightings": [{"uuid": "f40784cc-2697-4125-80d3-47aaec191782", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6710", "type": "seen", "source": "https://t.me/arpsyndicate/2201", "content": "#ExploitObserverAlert\n\nCVE-2023-6710\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-6710. A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page. The impact of this vulnerability is considered as Low, as the cluster_manager URL should not be exposed outside and is protected by user/password.\n\nFIRST-EPSS: 0.000430000\nNVD-IS: 2.7\nNVD-ES: 2.3", "creation_timestamp": "2023-12-28T05:48:11.000000Z"}, {"uuid": "b0af1840-ca5f-41a0-b3d7-dc45a74cb78d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6710", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1762", "content": "https://github.com/DedSec-47/CVE-2023-6710\n#github #exploit", "creation_timestamp": "2023-12-26T08:54:10.000000Z"}, {"uuid": "f853c85d-cf70-49fc-9002-3961e7143a40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6710", "type": "seen", "source": "https://t.me/ctinow/161633", "content": "https://ift.tt/oAT6r2X\nCVE-2023-6710 | Apache HTTP Server mod_proxy_cluster alias cross site scripting", "creation_timestamp": "2024-01-02T10:06:54.000000Z"}, {"uuid": "eb999b0a-2337-4305-a14f-7a7215a8e218", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6710", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2600", "content": "#exploit\n1. CVE-2023-6710:\nApache HTTP Server mod_proxy_cluster XSS\nhttps://github.com/DedSec-47/CVE-2023-6710\n\n2. CVE-2023-40362:\nAccess control vulnerability in Click2Gov\nhttps://github.com/ally-petitt/CVE-2023-40362", "creation_timestamp": "2024-08-16T09:08:01.000000Z"}, {"uuid": "6af89a4d-4379-4d6f-8c55-38f6aa0dc2f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6710", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9660", "content": "#exploit\n1. CVE-2023-6710:\nApache HTTP Server mod_proxy_cluster XSS\nhttps://github.com/DedSec-47/CVE-2023-6710\n\n2. CVE-2023-40362:\nAccess control vulnerability in Click2Gov\nhttps://github.com/ally-petitt/CVE-2023-40362", "creation_timestamp": "2024-11-12T02:00:35.000000Z"}]}