{"vulnerability": "CVE-2021-3285", "sightings": [{"uuid": "e11633b1-d1cc-43ab-88e2-80e82c84212e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32854", "type": "seen", "source": "https://t.me/cibsecurity/58617", "content": "\u203c CVE-2021-32854 \u203c\n\ntextAngular is a text editor for Angular.js. Version 1.5.16 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. There are no known patches.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-21T18:17:00.000000Z"}, {"uuid": "8da51d51-9836-4eef-8d67-e5e7434d003e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32856", "type": "seen", "source": "https://t.me/cibsecurity/58615", "content": "\u203c CVE-2021-32856 \u203c\n\nMicroweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-21T18:16:57.000000Z"}, {"uuid": "60a370ee-013b-4782-a152-d4ff1eba3fb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32855", "type": "seen", "source": "https://t.me/cibsecurity/58612", "content": "\u203c CVE-2021-32855 \u203c\n\nVditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). 
For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-21T18:16:51.000000Z"}, {"uuid": "edffd6d7-2d8a-4c48-b594-268cacf114dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32858", "type": "seen", "source": "https://t.me/cibsecurity/58611", "content": "\u203c CVE-2021-32858 \u203c\n\nesdoc-publish-html-plugin is a plugin for the document maintenance software ESDoc. The HTML sanitizer in esdoc-publish-html-plugin 1.1.2 and prior can be bypassed which may lead to cross-site scripting (XSS) issues. There are no known patches for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-21T18:16:51.000000Z"}, {"uuid": "a1858aa8-120b-4ee5-b078-d72126f03974", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32859", "type": "seen", "source": "https://t.me/cibsecurity/58609", "content": "\u203c CVE-2021-32859 \u203c\n\nThe Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calendar view. Versions 1.0.14 and prior are prone to cross-site scripting (XSS) when handling untrusted `placeholder` entries. An attacker who is able to influence the field `placeholder` when creating a `Calendar` instance is able to supply arbitrary `html` or `javascript` that will be rendered in the context of a user leading to XSS. 
There are no known patches for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-21T18:16:49.000000Z"}, {"uuid": "c57593bc-06d4-405f-8315-7ae16d3d2f9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32857", "type": "seen", "source": "https://t.me/cibsecurity/58608", "content": "\u203c CVE-2021-32857 \u203c\n\nCockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in `htmleditor.js` may lead to cross-site scripting (XSS) issues. There are no known patches for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-02T22:13:02.000000Z"}, {"uuid": "89d95982-7273-45af-99cd-430d1f0daad6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3285", "type": "seen", "source": "https://t.me/cibsecurity/22627", "content": "\u203c CVE-2021-3285 \u203c\n\njxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-26T20:46:22.000000Z"}, {"uuid": "965c8b14-292c-49ca-87a5-6b05c4435e7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32853", "type": "seen", "source": "https://t.me/cibsecurity/58553", "content": "\u203c CVE-2021-32853 \u203c\n\nErxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from malicious web site. 
There are no known patches.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-21T03:15:45.000000Z"}, {"uuid": "d3c859dd-9de6-4ff7-9668-6af56352cf5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32852", "type": "seen", "source": "https://t.me/cibsecurity/58545", "content": "\u203c CVE-2021-32852 \u203c\n\nCountly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from malicious web site. The attacker must have an account or be able to create one. This issue is patched in version 21.11.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-21T00:16:08.000000Z"}, {"uuid": "b4e1c20f-19c6-40d0-9bbe-573baf0bfd7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32851", "type": "seen", "source": "https://t.me/cibsecurity/58544", "content": "\u203c CVE-2021-32851 \u203c\n\nMind-elixir is a free, open source mind map core. Prior to version 0.18.1, mind-elixir is prone to cross-site scripting when handling untrusted menus. This issue is patched in version 0.18.1\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-18T22:24:35.000000Z"}, {"uuid": "57f5e3e6-2740-411f-963e-c3c540e424d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32850", "type": "seen", "source": "https://t.me/cibsecurity/58543", "content": "\u203c CVE-2021-32850 \u203c\n\njQuery MiniColors is a color picker built on jQuery. Prior to version 2.3.6, jQuery MiniColors is prone to cross-site scripting when handling untrusted color names. 
This issue is patched in version 2.3.6.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-21T00:16:06.000000Z"}]}