{"vulnerability": "cve-2020-1111", "sightings": [{"uuid": "a73daf5b-fa8c-4916-89c3-520400ab97c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11110", "type": "seen", "source": "https://t.me/arpsyndicate/2609", "content": "#ExploitObserverAlert\n\nCVE-2020-11110\n\nDESCRIPTION: Exploit Observer has 10 entries related to CVE-2020-11110. Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.\n\nFIRST-EPSS: 0.005120000\nNVD-IS: 2.7\nNVD-ES: 2.3", "creation_timestamp": "2024-01-07T03:27:04.000000Z"}, {"uuid": "88948896-8a89-45a9-ac92-573a5ee804f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11110", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9743", "content": "#exploit\n1. CVE-2023-31446:\nDodge OPTIFY RCE\nhttps://github.com/Dodge-MPTC/CVE-2023-31446-Remote-Code-Execution\n\n2. CVE-2020-11110:\nGrafana Stored CSS\nhttps://github.com/AVE-Stoik/CVE-2020-11110-Proof-of-Concept/tree/main\n\n3.\u00a0CVE-2023-51467:\nApache Ofbiz Exploit\nhttps://github.com/JaneMandy/CVE-2023-51467-Exploit", "creation_timestamp": "2024-01-07T22:09:15.000000Z"}, {"uuid": "4da4dbc1-6f86-4fe0-af65-f014cc7330fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11110", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2439", "content": "#exploit\n1. CVE-2023-31446:\nDodge OPTIFY RCE\nhttps://github.com/Dodge-MPTC/CVE-2023-31446-Remote-Code-Execution\n\n2. CVE-2020-11110:\nGrafana Stored CSS\nhttps://github.com/AVE-Stoik/CVE-2020-11110-Proof-of-Concept/tree/main\n\n3.\u00a0CVE-2023-51467:\nApache Ofbiz Exploit\nhttps://github.com/JaneMandy/CVE-2023-51467-Exploit", "creation_timestamp": "2024-08-16T09:01:19.000000Z"}, {"uuid": "316dbb06-be35-4a2c-8242-6ebd9ed54ca4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11110", "type": "seen", "source": "https://t.me/bhhub/403", "content": "#BugBountyTips of the Day\n\ud83d\udca5 RCE in PHP 8.1.0-dev! \ud83d\udca5  Nuclei Template available for FREE Preview and Download \ud83d\udc47 Be Fast! We have compiled them in one place here -  https://t.co/GoNbqa9gkD  @shifacyclewala  #bugbounty #hacktify #infosec #hackwithautomation  https://t.co/4epTfuFHWS\n---\n\ud83d\udd0d Still trying to find your first domain/subdomain takeover vulnerability? Go to  https://t.co/ORujp6DSp7 for a curated DNS takeover list.   Thanks @streaak for this #bugbountytip!   #bugbountytips  https://t.co/kSHY0WbSyo\n---\nAfter dedicating complete 5 months, I just crossed 500 reputation points on @Hacker0x01 !   \"In life you don\u2019t get what you want, you get what you work for.\"  #TogetherWeHitHarder #bugbounty #infosec #hackerone  https://t.co/xKUCzleZz8\n---\nCVE-2020-11110 Grafana XSS stored   #xss #bugbountytips #grafana  https://t.co/5YxHPhEb7f\n---\nEl Webinar Gratuito: \"Atacar Contrase\u00f1as con Kali Linux\" est\u00e1 disponible en video. #hacking #cybersecurity #bugbounty #osint #forensics ->  https://t.co/pS8qeeLKya  https://t.co/Q3uuuZxRVs", "creation_timestamp": "2021-06-20T13:37:04.000000Z"}, {"uuid": "93c64d0e-a90a-4aee-9603-46d4147a9040", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11110", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/5474", "content": "Exploit CVE-2020-11110 Grafana Stored XSS\n\nhttps://ctf-writeup.revers3c.com/challenges/web/CVE-2020-11110/index.html", "creation_timestamp": "2021-06-19T00:23:22.000000Z"}, {"uuid": "c80b8e16-0230-42e6-bd97-523709483c57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11110", "type": "seen", "source": "https://t.me/cibsecurity/13673", "content": "ATENTION\u203c New - CVE-2020-11110\n\nGrafana through 6.7.1 allows stored XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-07-27T16:55:21.000000Z"}, {"uuid": "29362ae9-1164-4039-94b2-f32ef5e09487", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11118", "type": "seen", "source": "https://t.me/cibsecurity/14512", "content": "ATENTION\u203c New - CVE-2020-11118\n\nu'Information exposure issues while processing IE header due to improper check of beacon IE frame' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QCS610, QM215, Rennell, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-09-08T14:55:34.000000Z"}, {"uuid": "6fd7773d-e9dd-4964-924c-4979152e0734", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11117", "type": "seen", "source": "https://t.me/cibsecurity/14513", "content": "ATENTION\u203c New - CVE-2020-11117\n\nu'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-09-08T14:55:35.000000Z"}, {"uuid": "14422853-ccf8-41c3-abc4-a347af508afb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11116", "type": "seen", "source": "https://t.me/cibsecurity/14514", "content": "ATENTION\u203c New - CVE-2020-11116\n\nu'Possible out of bound write while processing association response received from host due to lack of check of IE length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QCS610, QM215, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-09-08T14:55:36.000000Z"}, {"uuid": "37ed649a-bbe6-486c-b02e-c2178522a5e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11115", "type": "seen", "source": "https://t.me/cibsecurity/14515", "content": "ATENTION\u203c New - CVE-2020-11115\n\nu'Buffer over read occurs while processing information element from beacon due to lack of check of data received from beacon' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-09-08T14:55:38.000000Z"}]}