{"vulnerability": "cve-2023-2802", "sightings": [{"uuid": "8c14775e-0005-4bfb-a766-2bb4ff7b74e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28025", "type": "seen", "source": "https://t.me/ctinow/167968", "content": "https://ift.tt/Vzq3bGk\nCVE-2023-28025 | HCL BigFix Mobile/Modern Client Management up to 3.1 SVG Tag cross site scripting (KB0109318)", "creation_timestamp": "2024-01-14T09:07:10.000000Z"}, {"uuid": "320b22f7-57e9-42af-bd7c-790cf3a80fde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28022", "type": "seen", "source": "https://t.me/ctinow/166680", "content": "https://ift.tt/myXuNMg\nCVE-2023-28022 | HCL Connections 6.0/6.5/7.0/8.0 Request information disclosure (KB0108433)", "creation_timestamp": "2024-01-11T18:02:25.000000Z"}, {"uuid": "a5bf5ef4-e4ec-44b3-89f5-7a910394e6b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28025", "type": "seen", "source": "https://t.me/ctinow/157458", "content": "https://ift.tt/L2QalSH\nCVE-2023-28025", "creation_timestamp": "2023-12-21T02:22:25.000000Z"}, {"uuid": "3c95c882-df25-4dad-b1d6-e6ec8bc09f08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28020", "type": "seen", "source": "https://t.me/cibsecurity/66949", "content": "\u203c CVE-2023-28020 \u203c\n\n\u00c2\u00a0URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-18T22:31:29.000000Z"}, {"uuid": "0c252ec0-8de4-4df5-b0ca-51331ae8d7cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28023", "type": "seen", "source": "https://t.me/cibsecurity/66969", "content": "\u203c CVE-2023-28023 \u203c\n\nA cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network).\u00c2\u00a0\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-19T00:36:33.000000Z"}, {"uuid": "595847d5-0114-4170-8909-7178209fda0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28021", "type": "seen", "source": "https://t.me/cibsecurity/66952", "content": "\u203c CVE-2023-28021 \u203c\n\nThe BigFix WebUI uses weak cipher suites.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-18T22:31:32.000000Z"}, {"uuid": "0d7ff9b2-e842-4d86-8c92-6266d19d7af1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2802", "type": "seen", "source": "https://t.me/cibsecurity/68486", "content": "\u203c CVE-2023-2802 \u203c\n\nThe Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-15T00:19:46.000000Z"}, {"uuid": "3939b325-4bdf-415e-8cd3-fa97dc0462a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28027", "type": "seen", "source": "https://t.me/cibsecurity/65444", "content": "\u203c CVE-2023-28027 \u203c\n\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-19T19:46:29.000000Z"}]}