{"vulnerability": "cve-2024-1177", "sightings": [{"uuid": "72ebff0f-9317-4a41-9322-671f4d7d45e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11779", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113599592144417252", "content": "", "creation_timestamp": "2024-12-05T09:50:14.738164Z"}, {"uuid": "a3cd5633-9bec-4685-880c-603cdaf21c61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11772", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113630179344621728", "content": "", "creation_timestamp": "2024-12-10T19:28:58.450473Z"}, {"uuid": "a1c33c2d-ffd3-4884-8392-545da543fca9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11773", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113630179344621728", "content": "", "creation_timestamp": "2024-12-10T19:28:58.482682Z"}, {"uuid": "8959108f-ab48-42ee-97c7-9efaba36813c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11770", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649367000181155", "content": "", "creation_timestamp": "2024-12-14T04:48:39.051822Z"}, {"uuid": "e40c12dd-9d54-415d-808f-c34ba8493a85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11775", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113683939055146682", "content": "", "creation_timestamp": "2024-12-20T07:20:46.511012Z"}, {"uuid": "44fa6e59-2dea-466b-aa97-2532f63d22ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11776", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113682854525386646", "content": "", "creation_timestamp": "2024-12-20T02:44:57.737056Z"}, {"uuid": "cb11549f-a3d9-4f84-b727-1a7f402e4c99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11774", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113683880054847690", "content": "", "creation_timestamp": "2024-12-20T07:05:46.365759Z"}, {"uuid": "d5f7854d-7b44-434a-9f00-f985fbc64c90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11776", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldpgcgtfo22g", "content": "", "creation_timestamp": "2024-12-20T03:15:59.899354Z"}, {"uuid": "dcb989fd-445a-4693-9492-f0ef02c2b4a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11774", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldptory6zx2x", "content": "", "creation_timestamp": "2024-12-20T07:15:32.327525Z"}, {"uuid": "fb814e4a-ee92-4de0-b56d-9a1a3e8fd5f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11775", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldptoubw2r2r", "content": "", "creation_timestamp": "2024-12-20T07:15:34.568579Z"}, {"uuid": "c33c0ead-c493-4af4-8d6d-a512a7bd07fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11777", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113784946142682228", "content": "", "creation_timestamp": "2025-01-07T03:28:12.317103Z"}, {"uuid": "ddccc89b-3ec2-480e-9d3e-7d82c642135c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11777", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4rzesvlw25", "content": "", "creation_timestamp": "2025-01-07T04:15:27.947675Z"}, {"uuid": "1271201d-8546-4c56-a591-e3a0aa240891", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11771", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113985939700497507", "content": "", "creation_timestamp": "2025-02-11T15:23:30.703705Z"}, {"uuid": "dc5c1b7c-2fbd-4b45-a876-0dec69242cab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11771", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113985946487899400", "content": "", "creation_timestamp": "2025-02-11T15:25:14.127894Z"}, {"uuid": "2ba79531-2662-4294-ba03-48c886297faa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11771", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113986005516389449", "content": "", "creation_timestamp": "2025-02-11T15:40:14.837430Z"}, {"uuid": "3e33d388-dd42-4103-84bb-b545c3621741", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11771", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhw2mblthg2c", "content": "", "creation_timestamp": "2025-02-11T16:16:08.757598Z"}, {"uuid": "1b9b2b7e-34d7-4241-ab33-6c1bdfecb0df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11771", "type": "seen", "source": "https://bsky.app/profile/aakl.bsky.social/post/3lhwek3xmgt2i", "content": "", "creation_timestamp": "2025-02-11T19:13:54.862171Z"}, {"uuid": "8169820b-3b41-4ebb-a439-1c52a774d10b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11771", "type": "seen", "source": "https://bsky.app/profile/aakl.bsky.social/post/3lhwek3xmgu2i", "content": "", "creation_timestamp": "2025-02-11T19:13:55.382461Z"}, {"uuid": "bdd5049e-a6c8-4723-9dda-eb5f075417c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11771", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-6c3cfb92-62b4327e96b9e56e", "content": "", "creation_timestamp": "2025-02-13T07:09:22.208988Z"}, {"uuid": "4b29f259-4955-4c5d-832e-b5e15e4013fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11778", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lijdiaor432t", "content": "", "creation_timestamp": "2025-02-19T08:15:32.473680Z"}, {"uuid": "cf9bfd5a-0af9-444b-872c-1d752cfee8ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11773", "type": "seen", "source": "MISP/be792712-f638-4d7d-b62d-4f5032e86764", "content": "", "creation_timestamp": "2025-09-16T23:16:38.000000Z"}, {"uuid": "0a4261f5-f2a7-48c6-bee0-2e12d9fc3d0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11772", "type": "seen", "source": "MISP/be792712-f638-4d7d-b62d-4f5032e86764", "content": "", "creation_timestamp": "2025-09-16T23:16:38.000000Z"}, {"uuid": "b59ba759-9623-496b-9b54-4b70b1da0f5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11773", "type": "seen", "source": "MISP/be792712-f638-4d7d-b62d-4f5032e86764", "content": "", "creation_timestamp": "2025-09-18T16:44:36.000000Z"}, {"uuid": "b2241cdf-6dee-4323-9394-3a178d46c78d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11772", "type": "seen", "source": "MISP/be792712-f638-4d7d-b62d-4f5032e86764", "content": "", "creation_timestamp": "2025-09-18T16:44:36.000000Z"}, {"uuid": "8900ee7d-17fa-4d1e-8be8-f5a1e33187c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-11773", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_26/2024", "content": "", "creation_timestamp": "2024-12-11T09:55:00.000000Z"}, {"uuid": "000cb1fe-822c-4c5c-85c5-3f3351cb6f1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-11772", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_26/2024", "content": "", "creation_timestamp": "2024-12-11T09:55:00.000000Z"}, {"uuid": "ebdc29fc-f837-4595-98b2-6c38247c0c57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11773", "type": "seen", "source": "https://t.me/itsec_news/4950", "content": "\u200b\u26a1\ufe0f\u0428\u0435\u0441\u0442\u044c \u0443\u0433\u0440\u043e\u0437, \u043e\u0434\u0438\u043d \u0438\u0441\u0445\u043e\u0434: \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u044b \u0441\u043d\u043e\u0432\u0430 \u0432 \u0437\u043e\u043d\u0435 \u0440\u0438\u0441\u043a\u0430 \u0438\u0437-\u0437\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 Ivanti\n\n\ud83d\udcac \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Ivanti \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0435\u0451 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Cloud Services Application (CSA) \u0438 Connect Secure. \u042d\u0442\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043c\u043e\u0433\u043b\u0438 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u044d\u0441\u043a\u0430\u043b\u0430\u0446\u0438\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u044c\u0448\u0443\u044e \u0443\u0433\u0440\u043e\u0437\u0443 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-11639 \u0441 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u043c \u0431\u0430\u043b\u043b\u043e\u043c CVSS 10.0. \u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u043c \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0432\u0435\u0431-\u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u0431\u0435\u0437 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 Ivanti CSA \u0434\u043e 5.0.3.\n\n\u0414\u0440\u0443\u0433\u0438\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 CVE-2024-11772 \u0438 CVE-2024-11773, \u043e\u0431\u0435 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 9.1. \u041e\u043d\u0438 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u044e\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u0438 SQL-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432, \u0435\u0441\u043b\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0438\u043c\u0435\u0435\u0442 \u0443\u0447\u0451\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n\n\u0415\u0449\u0451 \u043e\u0434\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, CVE-2024-11633, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0447\u0435\u0440\u0435\u0437 Argument Injection \u0432 Ivanti Connect Secure \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 22.7R2.4. \u0410\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430, CVE-2024-11634, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Connect Secure \u0438 Policy Secure. \u041e\u0431\u0435 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 9.1.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-8540 (CVSS 8.8) \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0435 Ivanti Sentry \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u043c \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0441\u0442\u0440\u043e\u0433\u0438\u0445 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439.\n\nIvanti \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0432\u0441\u0435 \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432: CSA 5.0.3, Connect Secure 22.7R2.4, Policy Secure 22.7R1.2, \u0430 \u0442\u0430\u043a\u0436\u0435 Sentry 9.20.2, 10.0.2 \u0438 10.1.0. \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u043e\u0434\u0447\u0451\u0440\u043a\u0438\u0432\u0430\u0435\u0442, \u0447\u0442\u043e \u0435\u0439 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043e \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\n\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f. \u0420\u0430\u043d\u0435\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Ivanti \u0443\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u043c\u0438 \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438 \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u0434\u0430\u043d\u043d\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u0440\u0430\u0439\u043d\u0435 \u0432\u0430\u0436\u043d\u044b\u043c\u0438 \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0433\u0440\u043e\u0437.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-12-11T18:00:23.000000Z"}, {"uuid": "700bc070-f3bc-444f-b8a3-277b6ed92a91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11772", "type": "seen", "source": "https://t.me/itsec_news/4950", "content": "\u200b\u26a1\ufe0f\u0428\u0435\u0441\u0442\u044c \u0443\u0433\u0440\u043e\u0437, \u043e\u0434\u0438\u043d \u0438\u0441\u0445\u043e\u0434: \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u044b \u0441\u043d\u043e\u0432\u0430 \u0432 \u0437\u043e\u043d\u0435 \u0440\u0438\u0441\u043a\u0430 \u0438\u0437-\u0437\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 Ivanti\n\n\ud83d\udcac \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Ivanti \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0435\u0451 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Cloud Services Application (CSA) \u0438 Connect Secure. \u042d\u0442\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043c\u043e\u0433\u043b\u0438 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u044d\u0441\u043a\u0430\u043b\u0430\u0446\u0438\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u044c\u0448\u0443\u044e \u0443\u0433\u0440\u043e\u0437\u0443 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-11639 \u0441 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u043c \u0431\u0430\u043b\u043b\u043e\u043c CVSS 10.0. \u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u043c \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0432\u0435\u0431-\u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u0431\u0435\u0437 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 Ivanti CSA \u0434\u043e 5.0.3.\n\n\u0414\u0440\u0443\u0433\u0438\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 CVE-2024-11772 \u0438 CVE-2024-11773, \u043e\u0431\u0435 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 9.1. \u041e\u043d\u0438 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u044e\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u0438 SQL-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432, \u0435\u0441\u043b\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0438\u043c\u0435\u0435\u0442 \u0443\u0447\u0451\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n\n\u0415\u0449\u0451 \u043e\u0434\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, CVE-2024-11633, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0447\u0435\u0440\u0435\u0437 Argument Injection \u0432 Ivanti Connect Secure \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 22.7R2.4. \u0410\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430, CVE-2024-11634, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Connect Secure \u0438 Policy Secure. \u041e\u0431\u0435 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 9.1.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-8540 (CVSS 8.8) \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0435 Ivanti Sentry \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u043c \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0441\u0442\u0440\u043e\u0433\u0438\u0445 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439.\n\nIvanti \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0432\u0441\u0435 \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432: CSA 5.0.3, Connect Secure 22.7R2.4, Policy Secure 22.7R1.2, \u0430 \u0442\u0430\u043a\u0436\u0435 Sentry 9.20.2, 10.0.2 \u0438 10.1.0. \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u043e\u0434\u0447\u0451\u0440\u043a\u0438\u0432\u0430\u0435\u0442, \u0447\u0442\u043e \u0435\u0439 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043e \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\n\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f. \u0420\u0430\u043d\u0435\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Ivanti \u0443\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u043c\u0438 \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438 \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u0434\u0430\u043d\u043d\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u0440\u0430\u0439\u043d\u0435 \u0432\u0430\u0436\u043d\u044b\u043c\u0438 \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0433\u0440\u043e\u0437.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-12-11T18:00:23.000000Z"}, {"uuid": "088a695a-baba-46cf-87b5-98c5fa1b2379", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11777", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/287", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11777\n\ud83d\udd39 Description: The Sell Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sell_media_search_form_gutenberg' shortcode in all versions up to, and including, 2.5.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-07T03:21:57.148Z\n\ud83d\udccf Modified: 2025-01-07T03:21:57.148Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/8a35f0bb-691f-4acf-a30d-4ddabe3b919c?source=cve\n2. https://plugins.trac.wordpress.org/browser/sell-media/trunk//gutenberg/blocks/sell-media-search-form/sell-media-search-form.php#L219\n3. https://wordpress.org/plugins/sell-media/", "creation_timestamp": "2025-01-07T03:36:43.000000Z"}, {"uuid": "923adb1e-234e-4f1f-9df6-6af6e53fd7e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11778", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4787", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11778\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The CanadaHelps Embedded Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedcdn' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-19T07:32:11.843Z\n\ud83d\udccf Modified: 2025-02-19T07:32:11.843Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/9f96a607-a655-413d-9faf-304249edefe8?source=cve\n2. https://plugins.trac.wordpress.org/browser/embedded-cdn/trunk/embedded-cdn.php#L32\n3. https://wordpress.org/plugins/embedded-cdn/", "creation_timestamp": "2025-02-19T08:41:04.000000Z"}, {"uuid": "6501a143-caae-4f4d-9362-651d474d776d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11777", "type": "seen", "source": "https://t.me/cvedetector/14442", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11777 - WordPress Sell Media Plugin Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11777 \nPublished : Jan. 7, 2025, 4:15 a.m. | 39\u00a0minutes ago \nDescription : The Sell Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sell_media_search_form_gutenberg' shortcode in all versions up to, and including, 2.5.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T06:19:53.000000Z"}, {"uuid": "5e61848b-f9d8-41dd-831d-c7614fc6a8f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11774", "type": "seen", "source": "https://t.me/cvedetector/13428", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11774 - Outdooractive Embed Plugin for WordPress Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11774 \nPublished : Dec. 20, 2024, 7:15 a.m. | 43\u00a0minutes ago \nDescription : The Outdooractive Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list2go' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-20T09:13:25.000000Z"}, {"uuid": "4579979f-7f9e-4577-ad4b-e3b7759cc61e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11775", "type": "seen", "source": "https://t.me/cvedetector/13425", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11775 - WordPress Particle Background Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11775 \nPublished : Dec. 20, 2024, 7:15 a.m. | 43\u00a0minutes ago \nDescription : The Particle Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'particleground' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-20T09:13:23.000000Z"}, {"uuid": "83305aaa-b930-40eb-a8c7-9f54ffaafced", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11776", "type": "seen", "source": "https://t.me/cvedetector/13398", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11776 - WordPress PCRecruiter Extensions Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11776 \nPublished : Dec. 20, 2024, 3:15 a.m. | 42\u00a0minutes ago \nDescription : The PCRecruiter Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PCRecruiter' shortcode in all versions up to, and including, 1.4.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-20T05:02:12.000000Z"}, {"uuid": "7b761889-4dbe-478e-83e2-2181e442fd1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11772", "type": "seen", "source": "https://t.me/cvedetector/12555", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11772 - Ivanti CSA Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11772 \nPublished : Dec. 10, 2024, 7:15 p.m. | 33\u00a0minutes ago \nDescription : Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-10T20:49:48.000000Z"}, {"uuid": "368724c3-4bb5-4aab-a436-8aa33c907e8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11779", "type": "seen", "source": "https://t.me/cvedetector/12073", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11779 - The WIP WooCarousel Lite plugin for WordPress is v\", \n  \"Content\": \"CVE ID : CVE-2024-11779 \nPublished : Dec. 5, 2024, 10:31 a.m. | 1\u00a0hour, 10\u00a0minutes ago \nDescription : The WIP WooCarousel Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wip_woocarousel_products_carousel' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-05T12:50:40.000000Z"}, {"uuid": "c3beec9a-f4b5-41f4-9cac-804ae9f89b35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11778", "type": "seen", "source": "Telegram/C8-qimvOXfiU457HHof09CPgVDEaU6SXuexJuDEay7Nf3X0-", "content": "", "creation_timestamp": "2025-02-19T15:39:51.000000Z"}, {"uuid": "efed260f-a380-401c-b3c4-d7c143c63175", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1177", "type": "seen", "source": "https://t.me/ctinow/196421", "content": "https://ift.tt/kUY0Hbh\nCVE-2024-1177 | WP Club Manager Plugin up to 2.2.10 on WordPress Event Permalink Update authorization", "creation_timestamp": "2024-02-29T09:56:50.000000Z"}]}