{"vulnerability": "CVE-2024-28741", "sightings": [{"uuid": "e7b5a3a0-0a47-417c-8b2e-0e8622d4be90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28741", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "bbd58474-63ee-4a2d-9121-8436aeccd282", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28741", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:11:01.000000Z"}, {"uuid": "d860ba5f-5b45-4860-81ce-39681961dbb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28741", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:02.000000Z"}, {"uuid": "cd008199-f7ea-4c75-afe7-65e79bdf41db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28741", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/northstar_c2_xss_to_agent_rce.rb", "content": "", "creation_timestamp": "2024-05-21T19:15:48.000000Z"}, {"uuid": "d3cb7a9c-c63a-4157-9014-dc35ace19f16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28741", "type": "seen", "source": "https://t.me/arpsyndicate/4407", "content": "#ExploitObserverAlert\n\nCVE-2024-28741\n\nDESCRIPTION: Exploit Observer has 23 entries in 5 file formats related to CVE-2024-28741. Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.\n\nFIRST-EPSS: 0.000450000", "creation_timestamp": "2024-04-09T19:47:17.000000Z"}, {"uuid": "44b67eb0-7170-4953-b7bf-3746febf3382", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28741", "type": "seen", "source": "https://t.me/arpsyndicate/4389", "content": "#ExploitObserverAlert\n\nCVE-2024-28741\n\nDESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2024-28741. Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.\n\nFIRST-EPSS: 0.000450000", "creation_timestamp": "2024-04-08T07:45:52.000000Z"}, {"uuid": "036bf38d-c8d8-459b-a511-83abab3d19e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28741", "type": "seen", "source": "https://t.me/arpsyndicate/4960", "content": "#ExploitObserverAlert\n\nCVE-2024-28741\n\nDESCRIPTION: Exploit Observer has 16 entries in 6 file formats related to CVE-2024-28741. Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.\n\nFIRST-EPSS: 0.001630000\nARPS-PRIORITY: 0.8511741", "creation_timestamp": "2024-05-23T01:29:32.000000Z"}, {"uuid": "76432b1f-6af9-4f9a-ad77-abacb2ca880b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28741", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10152", "content": "#Threat_Research\n1. Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities\nhttps://www.tenable.com/security/research/tra-2024-07\n2. Discovering CVE-2024-28741: RCE on NorthStar C2 agents via pre auth stored XSS\nhttps://blog.chebuya.com/posts/discovering-cve-2024-28741-remote-code-execution-on-northstar-c2-agents-via-pre-auth-stored-xss", "creation_timestamp": "2024-03-15T20:28:11.000000Z"}]}