{"vulnerability": "CVE-2024-1036", "sightings": [{"uuid": "d15e0a8b-d4f4-4aef-8a66-7198a3cd5569", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10365", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113513943926741145", "content": "", "creation_timestamp": "2024-11-20T06:48:46.507317Z"}, {"uuid": "93becafb-2ce6-470f-a233-78eb02ff619c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10361", "type": "seen", "source": "MISP/3e4b778d-5810-4171-a915-f1d106684af4", "content": "", "creation_timestamp": "2025-08-11T18:27:49.000000Z"}, {"uuid": "a645f64d-eb27-41b6-9a81-844429d55b7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10367", "type": "seen", "source": "https://t.me/cvedetector/9575", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10367 - Otter Blocks - WordPress Stored Cross-Site Scripting (XSS) in Gutenberg Editor\", \n  \"Content\": \"CVE ID : CVE-2024-10367 \nPublished : Nov. 1, 2024, 11:15 a.m. | 43\u00a0minutes ago \nDescription : The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-01T13:00:24.000000Z"}, {"uuid": "55647fc6-53d1-4104-a74c-643f46639175", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10365", "type": "seen", "source": "https://t.me/cvedetector/11567", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10365 - Elementor Addons Sensitive Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-10365 \nPublished : Nov. 20, 2024, 7:15 a.m. | 24\u00a0minutes ago \nDescription : The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in modules/widgets/tp_carousel_anything.php, modules/widgets/tp_page_scroll.php, and other widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-20T08:43:31.000000Z"}, {"uuid": "1428cf1e-2419-49a4-83b0-5f180b8323df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10360", "type": "seen", "source": "https://t.me/cvedetector/9290", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10360 - Elementor Move Addons WordPress Sensitive Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-10360 \nPublished : Oct. 29, 2024, 11:15 a.m. | 41\u00a0minutes ago \nDescription : The Move Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the render function in includes/widgets/accordion/widget.php, includes/widgets/remote-template/widget.php, and other widget.php files. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-29T13:05:55.000000Z"}, {"uuid": "8d2f4a3f-3dcd-4ed7-a078-2fc9173e7d17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10369", "type": "seen", "source": "https://t.me/cvedetector/8885", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10369 - Codezips Sales Management System SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-10369 \nPublished : Oct. 25, 2024, 2:15 a.m. | 41\u00a0minutes ago \nDescription : A vulnerability was found in Codezips Sales Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /addcustcom.php. The manipulation of the argument refno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T05:22:44.000000Z"}, {"uuid": "890b76d8-f91c-4d31-b1f2-9f65fb17ddbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10368", "type": "seen", "source": "https://t.me/cvedetector/8884", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10368 - Codezips Sales Management System SQLi\", \n  \"Content\": \"CVE ID : CVE-2024-10368 \nPublished : Oct. 25, 2024, 2:15 a.m. | 41\u00a0minutes ago \nDescription : A vulnerability was found in Codezips Sales Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /addstock.php. The manipulation of the argument prodtype leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T05:22:43.000000Z"}, {"uuid": "bf9b3680-277d-4d22-878f-a9c40315262c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1036", "type": "seen", "source": "https://t.me/ctinow/189684", "content": "https://ift.tt/NoqR3nv\nCVE-2024-1036 | openBI up to 1.0.8 Icon Screen.php uploadIcon unrestricted upload", "creation_timestamp": "2024-02-21T15:42:14.000000Z"}, {"uuid": "54dd446e-1422-4dde-a65b-6d006d1da6fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1036", "type": "seen", "source": "https://t.me/ctinow/176191", "content": "https://ift.tt/UEwcP8z\nCVE-2024-1036", "creation_timestamp": "2024-01-30T19:26:15.000000Z"}]}