{"vulnerability": "CVE-2024-4158", "sightings": [{"uuid": "370c1c5a-ee39-442a-b278-0f5738bff4a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4158", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3221", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-4158\n\ud83d\udd25 CVSS Score: 6.2 (CVSS_V3)\n\ud83d\udd39 Description: The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018tagName\u2019 parameter in versions up to, and including, 2.0.42 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2024-05-14T18:30:54Z\n\ud83d\udccf Modified: 2025-01-28T03:31:13Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-4158\n2. https://themes.trac.wordpress.org/changeset/226440/blocksy\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/22d1ccf3-ac1a-4dfc-81c3-b8eb88795bc1?source=cve", "creation_timestamp": "2025-01-28T04:09:20.000000Z"}, {"uuid": "9d774c41-c4fa-4bf4-95ec-26059ff3f450", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41585", "type": "seen", "source": "https://t.me/cvedetector/6936", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41585 - DrayTek Vigor3910 Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41585 \nPublished : Oct. 3, 2024, 7:15 p.m. | 19\u00a0minutes ago \nDescription : DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject arbitrary commands into the host machine. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-03T21:38:26.000000Z"}, {"uuid": "e84a62f8-bc37-42ec-a4a3-25f79bc0e5bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41583", "type": "seen", "source": "https://t.me/cvedetector/6935", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41583 - DrayTek Vigor3910 Stored XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41583 \nPublished : Oct. 3, 2024, 7:15 p.m. | 19\u00a0minutes ago \nDescription : DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by authenticated users due to poor sanitization of the router name. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-03T21:38:25.000000Z"}, {"uuid": "6fd27413-e2f6-4773-922c-080db1da5b31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41589", "type": "seen", "source": "https://t.me/cvedetector/6928", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41589 - DrayTek Vigor310 Authentication Token Leak\", \n  \"Content\": \"CVE ID : CVE-2024-41589 \nPublished : Oct. 3, 2024, 7:15 p.m. | 19\u00a0minutes ago \nDescription : DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-03T21:38:16.000000Z"}, {"uuid": "6434591a-b536-4564-8e61-a659148191af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41588", "type": "seen", "source": "https://t.me/cvedetector/6927", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41588 - DrayTek Vigor3910 Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41588 \nPublished : Oct. 3, 2024, 7:15 p.m. | 19\u00a0minutes ago \nDescription : The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-03T21:38:16.000000Z"}, {"uuid": "fec558fd-2319-4aaf-9715-927e72594909", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41587", "type": "seen", "source": "https://t.me/cvedetector/6926", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41587 - DrayTek Vigor310 Stored XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41587 \nPublished : Oct. 3, 2024, 7:15 p.m. | 19\u00a0minutes ago \nDescription : Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-03T21:38:12.000000Z"}, {"uuid": "be2f77fd-042c-4357-815f-169a9e4912d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41586", "type": "seen", "source": "https://t.me/cvedetector/6925", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41586 - DrayTek Vigor310 Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41586 \nPublished : Oct. 3, 2024, 7:15 p.m. | 19\u00a0minutes ago \nDescription : A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-03T21:38:11.000000Z"}, {"uuid": "827ee12f-0e79-4c4b-a37b-44acb1eb8681", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41584", "type": "seen", "source": "https://t.me/cvedetector/6923", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41584 - DrayTek Vigor3910 Reflected Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41584 \nPublished : Oct. 3, 2024, 7:15 p.m. | 19\u00a0minutes ago \nDescription : DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-03T21:38:10.000000Z"}]}