{
  "vulnerability": "CVE-2024-4290",
  "sightings": [
    {
      "uuid": "337e7928-509f-4f79-b4c2-386abef1a802",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2024-42903",
      "type": "published-proof-of-concept",
      "source": "https://t.me/DarkWebInformer_CVEAlerts/7503",
      "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-42903\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a malicious domain.\n\ud83d\udccf Published: 2024-09-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-13T20:30:26.321Z\n\ud83d\udd17 References:\n1. https://github.com/LimeSurvey/LimeSurvey/pull/3920\n2. https://github.com/LimeSurvey/LimeSurvey/compare/6.6.0+240729...6.6.1+240806\n3. https://github.com/sysentr0py/CVEs/tree/main/CVE-2024-42903",
      "creation_timestamp": "2025-03-13T20:43:12.000000Z"
    },
    {
      "uuid": "97acd60b-b760-40b7-ac6a-e9c776205edc",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2024-42905",
      "type": "seen",
      "source": "https://t.me/cvedetector/4346",
      "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42905 - Beijing Digital China Cloud Technology Co., Ltd. D\", \n  \"Content\": \"CVE ID : CVE-2024-42905 \nPublished : Aug. 28, 2024, 6:15 p.m. | 37\u00a0minutes ago \nDescription : Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution vulnerability, which can be exploited to obtain device administrator privileges via the getVar function in the code/function/system/tool/ping.php file. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39",
      "creation_timestamp": "2024-08-28T20:59:13.000000Z"
    },
    {
      "uuid": "ceab2ea5-0a28-406a-b997-a9e0d7fe50b2",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2024-42903",
      "type": "seen",
      "source": "https://t.me/cvedetector/4705",
      "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42903 - A Host header injection vulnerability in the passw\", \n  \"Content\": \"CVE ID : CVE-2024-42903 \nPublished : Sept. 3, 2024, 6:15 p.m. | 31\u00a0minutes ago \nDescription : A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a malicious domain. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39",
      "creation_timestamp": "2024-09-03T20:49:11.000000Z"
    },
    {
      "uuid": "64e16562-c3de-491c-a1f6-4ee31a932055",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2024-42900",
      "type": "seen",
      "source": "https://t.me/cvedetector/4328",
      "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42900 - Ruoyi XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42900 \nPublished : Aug. 28, 2024, 4:15 p.m. | 44\u00a0minutes ago \nDescription : Ruoyi v4.7.9 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the sql parameter of the createTable() function at /tool/gen/create. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39",
      "creation_timestamp": "2024-08-28T19:18:35.000000Z"
    },
    {
      "uuid": "753db2ae-d6b9-4456-a1e2-ff48e91aff2d",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2024-42902",
      "type": "seen",
      "source": "https://t.me/cvedetector/4704",
      "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42902 - LimeSurvey Critical Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42902 \nPublished : Sept. 3, 2024, 6:15 p.m. | 31\u00a0minutes ago \nDescription : An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js_localize.php function \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39",
      "creation_timestamp": "2024-09-03T20:49:11.000000Z"
    },
    {
      "uuid": "5861c6e7-2d84-4b15-9e09-aebcc9dbf16e",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2024-42906",
      "type": "seen",
      "source": "https://t.me/cvedetector/4202",
      "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42906 - TestLink XSS via File Upload\", \n  \"Content\": \"CVE ID : CVE-2024-42906 \nPublished : Aug. 26, 2024, 8:15 p.m. | 41\u00a0minutes ago \nDescription : TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39",
      "creation_timestamp": "2024-08-26T23:00:44.000000Z"
    },
    {
      "uuid": "ebbe60f6-75f8-4cf8-a7c0-40540724714e",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2024-42904",
      "type": "seen",
      "source": "https://t.me/cvedetector/4708",
      "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42904 - SysPass XSS\", \n  \"Content\": \"CVE ID : CVE-2024-42904 \nPublished : Sept. 3, 2024, 6:15 p.m. | 31\u00a0minutes ago \nDescription : A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39",
      "creation_timestamp": "2024-09-03T20:49:17.000000Z"
    },
    {
      "uuid": "b51051d7-7011-43d3-9f00-6c15d04ddfa6",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2024-42901",
      "type": "seen",
      "source": "https://t.me/cvedetector/4706",
      "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42901 - LimeSurvey CSV Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42901 \nPublished : Sept. 3, 2024, 6:15 p.m. | 31\u00a0minutes ago \nDescription : A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39",
      "creation_timestamp": "2024-09-03T20:49:13.000000Z"
    },
    {
      "uuid": "dab35e0c-2b78-4de8-b783-f82a8907c8a4",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2024-4290",
      "type": "published-proof-of-concept",
      "source": "https://t.me/DARK_SPOT_TEAM/695",
      "content": "CVE ID : CVE-2024-4290\nSystem : wordpress\nType : Stored XSS\n\nExploit :\n1. Go to https://example.com/wp-admin/options-general.php?page=sailthru&action=options\n\n2. Enter the payload \">alert(2) for any of the inputs\n\n3. Save and see the XSS\n\n\nNote : you must be a high privilege user such as admin to perform this attack",
      "creation_timestamp": "2024-06-06T08:20:41.000000Z"
    },
    {
      "uuid": "f1e06eab-33da-436a-a41d-f639e9704cd5",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2024-4290",
      "type": "published-proof-of-concept",
      "source": "https://t.me/CivilityBreaches/1844",
      "content": "CVE ID : CVE-2024-4290\nSystem : wordpress\nType : Stored XSS\n\nExploit :\n1. Go to https://example.com/wp-admin/options-general.php?page=sailthru&action=options\n\n2. Enter the payload \">alert(2) for any of the inputs\n\n3. Save and see the XSS\n\n\nNote : you must be a high privilege user such as admin to perform this attack",
      "creation_timestamp": "2024-06-06T17:19:33.000000Z"
    },
    {
      "uuid": "14b48853-c70a-4ab2-90ef-e6f05cf68b02",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2024-4290",
      "type": "published-proof-of-concept",
      "source": "https://t.me/openSource3/134",
      "content": "CVE ID : CVE-2024-4290\nSystem : wordpress\nType : Stored XSS\n\nExploit :\n1. Go to https://example.com/wp-admin/options-general.php?page=sailthru&action=options\n\n2. Enter the payload \">alert(2) for any of the inputs\n\n3. Save and see the XSS\nExploitation (translated from Arabic):\n1. Go to this path on the target site https://example.com/wp-admin/options-general.php?page=sailthru&action=options\n\n2. Enter the payload\n \">alert(2)\n\n3. Save and watch the XSS\n\n Note: you must be a user with high privileges on wordpress to carry out the attack on the site\n\nNote : you must be a high privilege user such as admin to perform this attack",
      "creation_timestamp": "2024-05-25T18:20:50.000000Z"
    },
    {
      "uuid": "96bfbea0-e449-4f91-9cdc-f103a6e0169c",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2024-4290",
      "type": "published-proof-of-concept",
      "source": "Telegram/bFRsY-1VHMXIbYcuatAQxgkiOA-FELH_O5FYyyoLB87-YA",
      "content": "",
      "creation_timestamp": "2024-06-06T08:20:41.000000Z"
    }
  ]
}
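The CVE-2024-42903 sightings above describe a password-reset function that builds its link from the request's Host header, so an attacker who triggers a reset for a victim's address while sending a forged Host gets the victim a link pointing at the attacker's domain, token included. The following is an added example of that vulnerability class and its fix; it is not LimeSurvey code and does not reproduce the patched function. The reset path, header dictionaries, hostnames, token and allowlist are all constructed for the demonstration.

```python
"""Host header injection in password-reset links: vulnerable vs. hardened.

Added example illustrating the vulnerability class described for
CVE-2024-42903 in the sightings above. It is NOT LimeSurvey code.
Header dicts, hostnames, the token and the allowlist are constructed
sample data; RESET_PATH is a hypothetical endpoint.
"""
from urllib.parse import urlencode, urlsplit

RESET_PATH = "/account/reset"  # hypothetical endpoint, not a real product path


class HostNotAllowed(ValueError):
    """Raised when the incoming Host header is not a configured hostname."""


def _hostname(host_header: str) -> str:
    """Lower-case a Host value and strip any port ('a.example:8443' -> 'a.example')."""
    h = host_header.strip().lower()
    if h.startswith("["):  # bracketed IPv6 literal such as [::1]:8080
        return h[: h.index("]") + 1] if "]" in h else h
    return h.rsplit(":", 1)[0] if ":" in h else h


def build_reset_link_vulnerable(headers: dict, token: str) -> str:
    """VULNERABLE: derives the link's origin from client-controlled headers.

    Both Host and X-Forwarded-Host are chosen by whoever sends the request,
    so the mailed link (and the reset token in it) can point anywhere.
    """
    host = headers.get("x-forwarded-host") or headers["host"]
    return f"https://{host}{RESET_PATH}?{urlencode({'token': token})}"


def build_reset_link_hardened(headers: dict, token: str,
                              base_url: str, allowed_hosts: set) -> str:
    """HARDENED: origin comes from server-side config, never from the request.

    Two independent controls: the link is built from a configured base URL,
    and requests carrying an unexpected Host are refused outright so a
    poisoned request is not processed at all. X-Forwarded-Host is ignored.
    """
    if _hostname(headers.get("host", "")) not in allowed_hosts:
        raise HostNotAllowed(f"unexpected Host header: {headers.get('host')!r}")
    base = urlsplit(base_url)
    return f"{base.scheme}://{base.netloc}{RESET_PATH}?{urlencode({'token': token})}"


def link_host(url: str) -> str:
    """Hostname the mailed link actually points at (what the victim would click)."""
    return urlsplit(url).hostname


def demo() -> dict:
    """Runs both builders against honest, proxied-poisoned and spoofed requests."""
    token = "tok-constructed-123"            # constructed sample token
    base_url = "https://survey.example.org"  # constructed canonical origin
    allowed = {"survey.example.org"}

    honest = {"host": "survey.example.org"}
    poisoned = {"host": "survey.example.org", "x-forwarded-host": "attacker.example"}
    spoofed = {"host": "attacker.example"}

    results = {
        "vuln_honest": build_reset_link_vulnerable(honest, token),
        "vuln_poisoned": build_reset_link_vulnerable(poisoned, token),
        "hard_honest": build_reset_link_hardened(honest, token, base_url, allowed),
        "hard_poisoned": build_reset_link_hardened(poisoned, token, base_url, allowed),
    }
    try:
        build_reset_link_hardened(spoofed, token, base_url, allowed)
        results["hard_spoofed"] = "ACCEPTED"
    except HostNotAllowed:
        results["hard_spoofed"] = "REJECTED"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:14s} {value}")
```

The poisoned case is the one to test for in a real deployment: a correct Host header with a forged X-Forwarded-Host, which slips past a naive Host allowlist whenever the application trusts forwarded headers from any client rather than only from its own reverse proxy.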