{"vulnerability": "cve-2020-2097", "sightings": [{"uuid": "2f8539b7-4711-49e9-b05b-b7c68ac9c427", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-20977", "type": "seen", "source": "https://t.me/cibsecurity/27228", "content": "\u203c CVE-2020-20977 \u203c\n\nA stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-12T18:39:50.000000Z"}, {"uuid": "0ecc4284-2335-4f50-9ac1-15f553b32dd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-20979", "type": "seen", "source": "https://t.me/cibsecurity/27227", "content": "\u203c CVE-2020-20979 \u203c\n\nAn arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-12T18:39:49.000000Z"}, {"uuid": "5138392f-28c5-4796-815b-ab2deb0cafba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-20975", "type": "seen", "source": "https://t.me/cibsecurity/27226", "content": "\u203c CVE-2020-20975 \u203c\n\nIn \\lib\\admin\\action\\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-12T18:39:49.000000Z"}]}