{"vulnerability": "cve-2019-1017", "sightings": [{"uuid": "d8002807-6be0-4421-8bf2-2db0794ad956", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-10173", "type": "published-proof-of-concept", "source": "https://t.me/pwnwiki_zhchannel/128", "content": "CVE-2019-10173 Xstream 1.4.10\u9060\u7a0b\u4ee3\u78bc\u57f7\u884c\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2019-10173_Xstream_1.4.10%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-09-21T06:42:51.000000Z"}, {"uuid": "1914b1eb-6ae8-4a1b-9306-b4d109844d11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-10178", "type": "seen", "source": "https://t.me/cibsecurity/10583", "content": "ATENTION\u203c New - CVE-2019-10178\n\nIt was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the \"Activity\" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-03-18T19:31:03.000000Z"}, {"uuid": "f3fbff2e-d67c-412e-9b7f-6c092236c8a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-10172", "type": "seen", "source": "https://t.me/ctinow/191766", "content": "https://ift.tt/ieC1Fqo\nCVE-2019-10172 | Codehaus jackson-mapper-asl org.codehaus.jackson:jackson-mapper-asl:1.9.x XML Data xml external entity reference (DLA 2091-1)", "creation_timestamp": "2024-02-23T14:41:21.000000Z"}, {"uuid": "4a55736a-384d-4869-9015-8ca04dca276b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-10174", "type": "seen", "source": "https://t.me/ctinow/193636", "content": "https://ift.tt/QzMt8j3\nCVE-2019-10174 | Infinispan up to 9.x invokeAccessibly Application unknown vulnerability (RHSA-2020:0481)", "creation_timestamp": "2024-02-26T18:46:56.000000Z"}, {"uuid": "c0a7c7b2-b57f-4cbe-9dbf-8be2464f40e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-10179", "type": "seen", "source": "https://t.me/cibsecurity/10655", "content": "ATENTION\u203c New - CVE-2019-10179\n\nA vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-03-20T17:32:18.000000Z"}, {"uuid": "6ce1fe2f-dd3e-4d62-bec7-37d40f7b83d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-10170", "type": "seen", "source": "https://t.me/cibsecurity/11951", "content": "ATENTION\u203c New - CVE-2019-10170\n\nA flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-05-08T19:36:27.000000Z"}]}