{"vulnerability": "cve-2023-2945", "sightings": [{"uuid": "5a1fe8d0-3780-42c5-9753-60ddafe59095", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29451", "type": "seen", "source": "https://t.me/cibsecurity/66655", "content": "\u203c CVE-2023-29451 \u203c\n\nSpecially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-13T14:55:18.000000Z"}, {"uuid": "9daa115c-cf8c-444e-b93e-a05b60fd6df3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29457", "type": "seen", "source": "https://t.me/cibsecurity/66653", "content": "\u203c CVE-2023-29457 \u203c\n\nReflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-13T14:55:16.000000Z"}, {"uuid": "36b526ac-0d8d-4345-a551-fe0914fd0875", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29455", "type": "seen", "source": "https://t.me/cibsecurity/66649", "content": "\u203c CVE-2023-29455 \u203c\n\nReflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-13T14:55:12.000000Z"}, {"uuid": "8532fe39-1ab0-4790-b3ee-87a1459f7fb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29456", "type": "seen", "source": "https://t.me/cibsecurity/66641", "content": "\u203c CVE-2023-29456 \u203c\n\nURL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-13T14:52:10.000000Z"}, {"uuid": "24ad8aa0-bf95-4ec4-863e-f6f3f7c3722c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29454", "type": "seen", "source": "https://t.me/cibsecurity/66640", "content": "\u203c CVE-2023-29454 \u203c\n\nStored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-13T14:52:09.000000Z"}, {"uuid": "52e65237-9155-4ee1-8a90-16e3ff948869", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29450", "type": "seen", "source": "https://t.me/cibsecurity/66638", "content": "\u203c CVE-2023-29450 \u203c\n\nJavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user \"zabbix\") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-13T12:50:42.000000Z"}, {"uuid": "e4c0126b-daa2-42bd-b035-1803d70359b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29452", "type": "seen", "source": "https://t.me/cibsecurity/66645", "content": "\u203c CVE-2023-29452 \u203c\n\nCurrently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field \u00e2\u20ac\u0153Attribution text\u00e2\u20ac\ufffd when selected \u00e2\u20ac\u0153Other\u00e2\u20ac\ufffd Tile provider.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-13T14:52:14.000000Z"}, {"uuid": "be81abb3-39ae-468b-b2ae-3f81593ef965", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29459", "type": "seen", "source": "https://t.me/cibsecurity/65518", "content": "\u203c CVE-2023-29459 \u203c\n\nThe laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application's webview, thus allowing the loading of arbitrary content into the context of the application. This can occur via the fcrbs schema or an explicit intent invocation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-26T20:52:04.000000Z"}]}