{"vulnerability": "CVE-2024-3092", "sightings": [{"uuid": "7cd84f06-482b-4525-af82-0698d59cd7e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3092", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17228", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-3092\n\ud83d\udd25 CVSS Score: 8.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)\n\ud83d\udd39 Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims.\n\ud83d\udccf Published: 2024-04-12T00:53:11.346Z\n\ud83d\udccf Modified: 2025-05-22T04:11:34.952Z\n\ud83d\udd17 References:\n1. https://gitlab.com/gitlab-org/gitlab/-/issues/452510\n2. https://hackerone.com/reports/2441257", "creation_timestamp": "2025-05-22T04:42:55.000000Z"}, {"uuid": "7ea0de50-f1fb-457e-9a20-519f2b01f853", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-30920", "type": "seen", "source": "https://t.me/arpsyndicate/4724", "content": "#ExploitObserverAlert\n\nCVE-2024-30920\n\nDESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2024-30920. Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component.\n\nFIRST-EPSS: 0.000430000\nARPS-PRIORITY: 0.8065359", "creation_timestamp": "2024-04-20T00:55:06.000000Z"}, {"uuid": "424284eb-6ce8-4736-8dc7-91b6272a7c8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-30929", "type": "seen", "source": "https://t.me/ctinow/214256", "content": "https://ift.tt/4Q08cwy\nCVE-2024-30929: XSS Vulnerability in DerbyNet v9.0 via 'back' Parameter in playlist.php", "creation_timestamp": "2024-04-06T09:41:48.000000Z"}, {"uuid": "da198ccf-b2e6-41f0-b391-d109d02e920d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3092", "type": "seen", "source": "https://t.me/arpsyndicate/4657", "content": "#ExploitObserverAlert\n\nCVE-2024-3092\n\nDESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-3092. An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims.\n\nFIRST-EPSS: 0.000430000\nARPS-EXPLOITABILITY: 0.775", "creation_timestamp": "2024-04-13T13:09:00.000000Z"}, {"uuid": "0e53648f-f11e-4e4f-95d2-7f9cbe50ebf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-30928", "type": "seen", "source": "https://t.me/ctinow/214255", "content": "https://ift.tt/GnxOVvz\nCVE-2024-30928: SQL Injection Vulnerability in DerbyNet v9.0 via 'classids' Parameter", "creation_timestamp": "2024-04-06T09:41:44.000000Z"}, {"uuid": "d14330dd-6889-4394-a89f-415019464672", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-30927", "type": "seen", "source": "https://t.me/ctinow/214254", "content": "https://ift.tt/0qrew8v\nCVE-2024-30927: XSS Vulnerability in DerbyNet v9.0 via racer-results.php", "creation_timestamp": "2024-04-06T09:41:43.000000Z"}, {"uuid": "3f847b7b-7b7a-47ba-b6da-1a7dfc531faa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-30926", "type": "seen", "source": "https://t.me/ctinow/214253", "content": "https://ift.tt/YXVIz0L\nCVE-2024-30926: XSS Vulnerability in DerbyNet v9.0 via ./inc/kiosks.inc", "creation_timestamp": "2024-04-06T09:41:42.000000Z"}, {"uuid": "0b658cff-cc8f-4ea6-858f-f46ef59b3319", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-30925", "type": "seen", "source": "https://t.me/ctinow/214252", "content": "https://ift.tt/DGpMjOk\nCVE-2024-30925: XSS Vulnerability in DerbyNet v9.0 via photo-thumbs.php", "creation_timestamp": "2024-04-06T09:41:41.000000Z"}, {"uuid": "612050b4-0cb1-41f0-8977-1393eab64431", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-30924", "type": "seen", "source": "https://t.me/ctinow/214251", "content": "https://ift.tt/O1mNf4U\nCVE-2024-30924: XSS Vulnerability in DerbyNet v9.0 via checkin.php", "creation_timestamp": "2024-04-06T09:41:40.000000Z"}, {"uuid": "fc831ae0-19f7-4859-b0ce-29c82b04e1d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-30923", "type": "seen", "source": "https://t.me/ctinow/214250", "content": "https://ift.tt/ZdOPrFJ\nCVE-2024-30923: SQL Injection in DerbyNet v9.0 via print/render/racer.inc", "creation_timestamp": "2024-04-06T09:41:39.000000Z"}, {"uuid": "92b47edf-b037-4b9f-827e-a89e066e4cdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-30921", "type": "seen", "source": "https://t.me/ctinow/214248", "content": "https://ift.tt/fSYiWlD\nCVE-2024-30921: Unauthenticated XSS Vulnerability in DerbyNet v9.0 via photo.php", "creation_timestamp": "2024-04-06T09:41:37.000000Z"}, {"uuid": "2845cd8a-d7e3-4460-aeb6-faeca6b7a46e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-30920", "type": "seen", "source": "https://t.me/ctinow/214247", "content": "https://ift.tt/7W8j9Xe\nCVE-2024-30920: XSS Vulnerability in DerbyNet v9.0 via render-document.php", "creation_timestamp": "2024-04-06T09:41:36.000000Z"}, {"uuid": "bbff36c8-f73e-4681-a50d-1e1b3a4981f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-30922", "type": "seen", "source": "https://t.me/ctinow/214249", "content": "https://ift.tt/At7Unfk\nCVE-2024-30922: SQL Injection in DerbyNet v9.0 via print/render/award.inc", "creation_timestamp": "2024-04-06T09:41:38.000000Z"}]}