{"vulnerability": "CVE-2024-2117", "sightings": [{"uuid": "dd811c84-7194-4be9-9227-9326afa55767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2117", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3574", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-2117\n\ud83d\udd25 CVSS Score: 6.2 (CVSS_V3)\n\ud83d\udd39 Description: The Elementor Website Builder \u2013 More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Path Widget in all versions up to, and including, 3.20.2 due to insufficient output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2024-04-09T21:31:59Z\n\ud83d\udccf Modified: 2025-01-31T03:32:13Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-2117\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3058940%40elementor&new=3058940%40elementor&sfp_email=&sfph_mail=\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/c8d7448a-b8a6-4b0b-92df-a15272fc56bf?source=cve", "creation_timestamp": "2025-01-31T04:13:05.000000Z"}, {"uuid": "0f911e3f-c1bc-4499-949f-f2f3f5251ee4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21173", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8534", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-21173\n\ud83d\udd25 CVSS Score: 4.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.37 and prior and  8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\ud83d\udccf Published: 2024-07-16T22:40:07.976Z\n\ud83d\udccf Modified: 2025-03-24T19:53:12.160Z\n\ud83d\udd17 References:\n1. https://www.oracle.com/security-alerts/cpujul2024.html", "creation_timestamp": "2025-03-24T20:23:54.000000Z"}, {"uuid": "d73879de-d035-4116-8f3f-996ee9f6a0dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21170", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8052", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-21170\n\ud83d\udd25 CVSS Score: 6.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python).  Supported versions that are affected are 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as  unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).\n\ud83d\udccf Published: 2024-07-16T22:40:07.315Z\n\ud83d\udccf Modified: 2025-03-19T13:57:11.692Z\n\ud83d\udd17 References:\n1. https://www.oracle.com/security-alerts/cpujul2024.html", "creation_timestamp": "2025-03-19T14:16:45.000000Z"}, {"uuid": "f17af337-0d8b-4fe7-8fa2-03e881f63fa8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21179", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7631", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-21179\n\ud83d\udd25 CVSS Score: 4.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.37 and prior and  8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\ud83d\udccf Published: 2024-07-16T22:40:10.021Z\n\ud83d\udccf Modified: 2025-03-14T19:19:18.723Z\n\ud83d\udd17 References:\n1. https://www.oracle.com/security-alerts/cpujul2024.html", "creation_timestamp": "2025-03-14T19:45:01.000000Z"}, {"uuid": "5e368fea-c7ff-4f8b-9105-5de3c2db18ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21179", "type": "seen", "source": "https://t.me/cvedetector/1044", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21179 - Oracle MySQL MySQL Server InnoDB DOS\", \n  \"Content\": \"CVE ID : CVE-2024-21179 \nPublished : July 16, 2024, 11:15 p.m. | 44\u00a0minutes ago \nDescription : Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.37 and prior and  8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-19T04:23:44.000000Z"}]}