{"vulnerability": "cve-2024-4596", "sightings": [{"uuid": "8f0cca37-0ef6-4aa4-bc39-ceb5a96e4582", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45969", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113488430409555971", "content": "", "creation_timestamp": "2024-11-15T18:40:21.172153Z"}, {"uuid": "fab37080-0586-4fd6-a707-5a79d2321c38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45965", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8519", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45965\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: Contao before 5.5.6 allows XSS via an SVG document. This affects (in contao/core-bundle in Composer) 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6.\n\ud83d\udccf Published: 2024-10-02T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-24T19:04:03.032Z\n\ud83d\udd17 References:\n1. https://grimthereaperteam.medium.com/contao-5-4-1-malicious-file-upload-xss-in-svg-30edb8820ecb\n2. https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads", "creation_timestamp": "2025-03-24T19:23:33.000000Z"}, {"uuid": "32963d39-07de-4af6-9a1a-a727a5b942b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45969", "type": "seen", "source": "https://t.me/cvedetector/11153", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45969 - MZ Automation LibIEC1850 MMS Client NULL Pointer Dereference Denial-of-Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45969 \nPublished : Nov. 15, 2024, 7:15 p.m. | 33\u00a0minutes ago \nDescription : NULL pointer dereference in the MMS Client in MZ Automation LibIEC1850 before commit 7afa40390b26ad1f4cf93deaa0052fe7e357ef33 allows a malicious server to Cause a Denial-of-Service via the MMS InitiationResponse message. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T20:48:39.000000Z"}, {"uuid": "227a8b29-916b-4aba-be9f-c70b96aa0d2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45965", "type": "seen", "source": "https://t.me/cvedetector/6878", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45965 - Contao SVG Remote Code Execution (RCE) via XSS\", \n  \"Content\": \"CVE ID : CVE-2024-45965 \nPublished : Oct. 2, 2024, 8:15 p.m. | 43\u00a0minutes ago \nDescription : Contao 5.4.1 allows an authenticated admin account to upload a SVG file containing malicious javascript code into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted javascript to the target. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-02T23:03:29.000000Z"}, {"uuid": "058f3044-2313-41c2-b460-b6d625aa1e68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45964", "type": "seen", "source": "https://t.me/cvedetector/6877", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45964 - Zenario XSS in Image Library Tag Field\", \n  \"Content\": \"CVE ID : CVE-2024-45964 \nPublished : Oct. 2, 2024, 8:15 p.m. | 43\u00a0minutes ago \nDescription : Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the \"Organizer tags\" field. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-02T23:03:28.000000Z"}, {"uuid": "8ebfe62a-6a8b-4c91-adc6-a039ad65a6ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45960", "type": "seen", "source": "https://t.me/cvedetector/6876", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45960 - Zenario Cross Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-45960 \nPublished : Oct. 2, 2024, 8:15 p.m. | 43\u00a0minutes ago \nDescription : Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-02T23:03:27.000000Z"}, {"uuid": "f578d6b4-3868-44f6-869b-d785b52e1bd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45962", "type": "seen", "source": "https://t.me/cvedetector/6874", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45962 - Adobe October PDF JavaScript Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45962 \nPublished : Oct. 2, 2024, 8:15 p.m. | 43\u00a0minutes ago \nDescription : October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-02T23:03:25.000000Z"}, {"uuid": "f9095fe9-2e04-499b-b66d-0f36c95fea24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45967", "type": "seen", "source": "https://t.me/cvedetector/6757", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45967 - \"Pagekit Cross Site Scripting (XSS)\"\", \n  \"Content\": \"CVE ID : CVE-2024-45967 \nPublished : Oct. 1, 2024, 3:15 p.m. | 21\u00a0minutes ago \nDescription : Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-01T17:45:47.000000Z"}]}