{"vulnerability": "CVE-2020-1928", "sightings": [{"uuid": "2004ef88-039c-4a88-a7cf-ae35a4537055", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19289", "type": "seen", "source": "https://t.me/cibsecurity/28648", "content": "\u203c CVE-2020-19289 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album tab.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-10T02:30:17.000000Z"}, {"uuid": "c37cf8e7-2830-4d59-93fc-6e12fa15f94e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19282", "type": "seen", "source": "https://t.me/cibsecurity/28647", "content": "\u203c CVE-2020-19282 \u203c\n\nA reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-10T02:30:15.000000Z"}, {"uuid": "fa4fb55c-c8fd-4b3f-b6a1-9abe124f414c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19281", "type": "seen", "source": "https://t.me/cibsecurity/28646", "content": "\u203c CVE-2020-19281 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-10T02:30:13.000000Z"}, {"uuid": "c8e4093b-5016-4918-8205-189763610d08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19284", "type": "seen", "source": "https://t.me/cibsecurity/28654", "content": "\u203c CVE-2020-19284 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-10T02:30:30.000000Z"}, {"uuid": "454495da-f556-4cd1-b237-f535c3e9f4ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19286", "type": "seen", "source": "https://t.me/cibsecurity/28638", "content": "\u203c CVE-2020-19286 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-10T02:29:59.000000Z"}, {"uuid": "6b28a498-b80c-4592-9dda-5a724e7ca37d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19283", "type": "seen", "source": "https://t.me/cibsecurity/28636", "content": "\u203c CVE-2020-19283 \u203c\n\nA reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-10T02:29:55.000000Z"}, {"uuid": "9d1cd3df-3916-4bed-ad7e-621ad9ca949d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19280", "type": "seen", "source": "https://t.me/cibsecurity/28651", "content": "\u203c CVE-2020-19280 \u203c\n\nJeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-10T02:30:23.000000Z"}, {"uuid": "53942ae1-d517-47ee-9fe1-45d5ef2b6daf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19288", "type": "seen", "source": "https://t.me/cibsecurity/28642", "content": "\u203c CVE-2020-19288 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-10T02:30:05.000000Z"}, {"uuid": "51833d65-5dfa-4713-aea2-8dfbd40519bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1928", "type": "seen", "source": "https://t.me/cveNotify/503", "content": "\ud83d\udea8 CVE-2020-1928\nAn information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present.\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2020-01-28T08:37:53.000000Z"}]}