{"vulnerability": "CVE-2022-2164", "sightings": [{"uuid": "c4b3451a-0bf0-4c81-80f6-cf22de116025", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21641", "type": "published-proof-of-concept", "source": "https://t.me/BABATATASASA/5993", "content": "| PRION:CVE-2023-22110 3.3 https://vulners.com/prion/PRION:CVE-2023-22110 | PRION:CVE-2023-22104 3.3 https://vulners.com/prion/PRION:CVE-2023-22104 | PRION:CVE-2023-22103 3.3 https://vulners.com/prion/PRION:CVE-2023-22103 | PRION:CVE-2023-22097 3.3 https://vulners.com/prion/PRION:CVE-2023-22097 | PRION:CVE-2023-22092 3.3 https://vulners.com/prion/PRION:CVE-2023-22092 | PRION:CVE-2023-22084 3.3 https://vulners.com/prion/PRION:CVE-2023-22084 | PRION:CVE-2023-22078 3.3 https://vulners.com/prion/PRION:CVE-2023-22078 | PRION:CVE-2023-22070 3.3 https://vulners.com/prion/PRION:CVE-2023-22070 | PRION:CVE-2023-22068 3.3 https://vulners.com/prion/PRION:CVE-2023-22068 | PRION:CVE-2023-22066 3.3 https://vulners.com/prion/PRION:CVE-2023-22066 | PRION:CVE-2023-22065 3.3 https://vulners.com/prion/PRION:CVE-2023-22065 | PRION:CVE-2023-22064 3.3 https://vulners.com/prion/PRION:CVE-2023-22064 | PRION:CVE-2023-22057 3.3 https://vulners.com/prion/PRION:CVE-2023-22057 | PRION:CVE-2023-22056 3.3 https://vulners.com/prion/PRION:CVE-2023-22056 | PRION:CVE-2023-22054 3.3 https://vulners.com/prion/PRION:CVE-2023-22054 | PRION:CVE-2023-22032 3.3 https://vulners.com/prion/PRION:CVE-2023-22032\n| PRION:CVE-2023-22028 3.3 https://vulners.com/prion/PRION:CVE-2023-22028 | PRION:CVE-2023-22026 3.3 https://vulners.com/prion/PRION:CVE-2023-22026\n| PRION:CVE-2023-22015 3.3 https://vulners.com/prion/PRION:CVE-2023-22015\n| PRION:CVE-2023-22007 3.3 https://vulners.com/prion/PRION:CVE-2023-22007 | PRION:CVE-2023-21982 3.3 https://vulners.com/prion/PRION:CVE-2023-21982 | PRION:CVE-2023-21976 3.3 https://vulners.com/prion/PRION:CVE-2023-21976\n| PRION:CVE-2023-21972 3.3 https://vulners.com/prion/PRION:CVE-2023-21972\n| PRION:CVE-2023-21950 3.3 https://vulners.com/prion/PRION:CVE-2023-21950\n| PRION:CVE-2023-21887 3.3 https://vulners.com/prion/PRION:CVE-2023-21887\n| PRION:CVE-2023-21883 3.3 https://vulners.com/prion/PRION:CVE-2023-21883\n| PRION:CVE-2023-21882 3.3 https://vulners.com/prion/PRION:CVE-2023-21882 | PRION:CVE-2023-21881 3.3 https://vulners.com/prion/PRION:CVE-2023-21881\n| PRION:CVE-2023-21879 3.3 https://vulners.com/prion/PRION:CVE-2023-21879\n| PRION:CVE-2023-21878 3.3 https://vulners.com/prion/PRION:CVE-2023-21878 | PRION:CVE-2023-21876 3.3 https://vulners.com/prion/PRION:CVE-2023-21876 | PRION:CVE-2022-39400 3.3 https://vulners.com/prion/PRION:CVE-2022-39400\n| PRION:CVE-2022-21641 3.3 https://vulners.com/prion/PRION:CVE-2022-21641\n| PRION:CVE-2022-21640 3.3 https://vulners.com/prion/PRION:CVE-2022-21640\n| PRION:CVE-2022-21638 3.3 https://vulners.com/prion/PRION:CVE-2022-21638\n| PRION:CVE-2022-21637 3.3 https://vulners.com/prion/PRION:CVE-2022-21637 | PRION:CVE-2022-21633 3.3 https://vulners.com/prion/PRION:CVE-2022-21633\n| PRION:CVE-2022-21632 3.3 https://vulners.com/prion/PRION:CVE-2022-21632\n| PRION:CVE-2022-21617 3.3 https://vulners.com/prion/PRION:CVE-2022-21617 | PRION:CVE-2022-21608 3.3 https://vulners.com/prion/PRION:CVE-2022-21608 | PRION:CVE-2022-21607 3.3 https://vulners.com/prion/PRION:CVE-2022-21607", "creation_timestamp": "2023-11-15T17:01:59.000000Z"}, {"uuid": "e35dd7d4-c09d-4131-b592-0591440d1000", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21640", "type": "published-proof-of-concept", "source": "https://t.me/BABATATASASA/5993", "content": "| PRION:CVE-2023-22110 3.3 https://vulners.com/prion/PRION:CVE-2023-22110 | PRION:CVE-2023-22104 3.3 https://vulners.com/prion/PRION:CVE-2023-22104 | PRION:CVE-2023-22103 3.3 https://vulners.com/prion/PRION:CVE-2023-22103 | PRION:CVE-2023-22097 3.3 https://vulners.com/prion/PRION:CVE-2023-22097 | PRION:CVE-2023-22092 3.3 https://vulners.com/prion/PRION:CVE-2023-22092 | PRION:CVE-2023-22084 3.3 https://vulners.com/prion/PRION:CVE-2023-22084 | PRION:CVE-2023-22078 3.3 https://vulners.com/prion/PRION:CVE-2023-22078 | PRION:CVE-2023-22070 3.3 https://vulners.com/prion/PRION:CVE-2023-22070 | PRION:CVE-2023-22068 3.3 https://vulners.com/prion/PRION:CVE-2023-22068 | PRION:CVE-2023-22066 3.3 https://vulners.com/prion/PRION:CVE-2023-22066 | PRION:CVE-2023-22065 3.3 https://vulners.com/prion/PRION:CVE-2023-22065 | PRION:CVE-2023-22064 3.3 https://vulners.com/prion/PRION:CVE-2023-22064 | PRION:CVE-2023-22057 3.3 https://vulners.com/prion/PRION:CVE-2023-22057 | PRION:CVE-2023-22056 3.3 https://vulners.com/prion/PRION:CVE-2023-22056 | PRION:CVE-2023-22054 3.3 https://vulners.com/prion/PRION:CVE-2023-22054 | PRION:CVE-2023-22032 3.3 https://vulners.com/prion/PRION:CVE-2023-22032\n| PRION:CVE-2023-22028 3.3 https://vulners.com/prion/PRION:CVE-2023-22028 | PRION:CVE-2023-22026 3.3 https://vulners.com/prion/PRION:CVE-2023-22026\n| PRION:CVE-2023-22015 3.3 https://vulners.com/prion/PRION:CVE-2023-22015\n| PRION:CVE-2023-22007 3.3 https://vulners.com/prion/PRION:CVE-2023-22007 | PRION:CVE-2023-21982 3.3 https://vulners.com/prion/PRION:CVE-2023-21982 | PRION:CVE-2023-21976 3.3 https://vulners.com/prion/PRION:CVE-2023-21976\n| PRION:CVE-2023-21972 3.3 https://vulners.com/prion/PRION:CVE-2023-21972\n| PRION:CVE-2023-21950 3.3 https://vulners.com/prion/PRION:CVE-2023-21950\n| PRION:CVE-2023-21887 3.3 https://vulners.com/prion/PRION:CVE-2023-21887\n| PRION:CVE-2023-21883 3.3 https://vulners.com/prion/PRION:CVE-2023-21883\n| PRION:CVE-2023-21882 3.3 https://vulners.com/prion/PRION:CVE-2023-21882 | PRION:CVE-2023-21881 3.3 https://vulners.com/prion/PRION:CVE-2023-21881\n| PRION:CVE-2023-21879 3.3 https://vulners.com/prion/PRION:CVE-2023-21879\n| PRION:CVE-2023-21878 3.3 https://vulners.com/prion/PRION:CVE-2023-21878 | PRION:CVE-2023-21876 3.3 https://vulners.com/prion/PRION:CVE-2023-21876 | PRION:CVE-2022-39400 3.3 https://vulners.com/prion/PRION:CVE-2022-39400\n| PRION:CVE-2022-21641 3.3 https://vulners.com/prion/PRION:CVE-2022-21641\n| PRION:CVE-2022-21640 3.3 https://vulners.com/prion/PRION:CVE-2022-21640\n| PRION:CVE-2022-21638 3.3 https://vulners.com/prion/PRION:CVE-2022-21638\n| PRION:CVE-2022-21637 3.3 https://vulners.com/prion/PRION:CVE-2022-21637 | PRION:CVE-2022-21633 3.3 https://vulners.com/prion/PRION:CVE-2022-21633\n| PRION:CVE-2022-21632 3.3 https://vulners.com/prion/PRION:CVE-2022-21632\n| PRION:CVE-2022-21617 3.3 https://vulners.com/prion/PRION:CVE-2022-21617 | PRION:CVE-2022-21608 3.3 https://vulners.com/prion/PRION:CVE-2022-21608 | PRION:CVE-2022-21607 3.3 https://vulners.com/prion/PRION:CVE-2022-21607", "creation_timestamp": "2023-11-15T17:01:59.000000Z"}, {"uuid": "2b48ac32-0668-4a80-adeb-43ae9e9e146f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2164", "type": "seen", "source": "https://t.me/true_secator/3090", "content": "\u041d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 Google \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e Chrome 103,\n\u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0432 14 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0438\u0437 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f CVE-2022-2156 \u0432 Base, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430, \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044e \u0434\u0430\u043d\u043d\u044b\u0445 \u0438\u043b\u0438 \u043e\u0442\u043a\u0430\u0437\u0443 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438. \n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u041c\u0430\u0440\u043a \u0411\u0440\u044d\u043d\u0434 \u0438\u0437 Google Project Zero.\n\n\u0412 \u0441\u043e\u0447\u0435\u0442\u0430\u043d\u0438\u0438 \u0441 \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u043c\u0438 \u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0448\u0438\u0431\u043a\u0430 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0432\u044b\u0445\u043e\u0434\u0443 \u0438\u0437 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 \u0438\u043b\u0438 \u043f\u043e\u043b\u043d\u043e\u0439 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u0412 \u043d\u043e\u0432\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 Chrome 103 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0442\u0430\u043a\u0436\u0435 \u0442\u0440\u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f, \u0432\u043b\u0438\u044f\u044e\u0449\u0438\u0435 \u043d\u0430 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b:\n\n- Interest groups (CVE-2022-2157, \u0432\u044b\u0441\u043e\u043a\u0430\u044f \u0441\u0442\u0435\u043f\u0435\u043d\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u043e\u0431 \u043e\u0448\u0438\u0431\u043a\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u041d\u0430\u043d \u0412\u0430\u043d \u0438 \u0413\u0443\u0430\u043d \u0413\u0443\u043d \u0438\u0437 360 Alpha Lab),\n- WebApp Provider (CVE-2022-2161, \u0441\u0440\u0435\u0434\u043d\u044f\u044f \u0441\u0442\u0435\u043f\u0435\u043d\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u0440\u0430\u0441\u043a\u0440\u044b\u043b \u0427\u0436\u0438\u0445\u0443\u0430 \u042f\u043e \u0438\u0437 KunLun Lab),\n- Cast UI and Toolbar (CVE-2022-2163, \u043d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c, \u0441\u043e\u043e\u0431\u0449\u0438\u043b \u0427\u0430\u043e\u044e\u0430\u043d\u044c \u041f\u044d\u043d).\n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Chrome \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 \u043f\u0443\u0442\u0430\u043d\u0438\u0446\u0435\u0439 \u0442\u0438\u043f\u043e\u0432 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u0432 \u0434\u0432\u0438\u0436\u043a\u0435 V8 JavaScript \u0438 WebAssembly - CVE-2022-2158, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u0411\u043e\u0445\u0430\u043d \u041b\u044e \u0438\u0437 Tencent Security Xuanwu Lab.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0437\u0430\u043a\u0440\u044b\u0442\u044b \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0438 \u043d\u0438\u0437\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u043f\u043e\u043b\u0438\u0442\u0438\u043a \u0432 DevTools (CVE-2022-2160), API \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b (CVE-2022-2162), \u043d\u0435\u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u0443\u044e \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044e \u0432 Extensions API (CVE-2022-2164 \u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0443\u044e \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0438 URL (CVE-2022-2165).\n\nGoogle \u043e\u0442\u043c\u0435\u0447\u0430\u0435\u0442, \u0447\u0442\u043e \u0432\u044b\u043f\u043b\u0430\u0442\u0438\u043b\u0430 \u0432 \u043e\u0431\u0449\u0435\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438 44 000 \u0434\u043e\u043b\u043b\u0430\u0440\u043e\u0432 \u0421\u0428\u0410 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0432\u043e\u0437\u043d\u0430\u0433\u0440\u0430\u0436\u0434\u0435\u043d\u0438\u044f \u0437\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043e\u043a, \u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u043e\u0431 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435 \u043d\u0435 \u0440\u0430\u0441\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442.\n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0439 \u0432\u044b\u043f\u0443\u0441\u043a Chrome \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0434\u043b\u044f Windows, Mac \u0438 Linux \u043a\u0430\u043a \u0432\u0435\u0440\u0441\u0438\u044f 103.0.5060.53, \u0442\u0430\u043a \u0447\u0442\u043e \u0432\u0441\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f.", "creation_timestamp": "2022-06-23T10:20:36.000000Z"}, {"uuid": "b7390daf-c890-47e1-823c-9bc222327912", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21642", "type": "seen", "source": "https://t.me/cibsecurity/35004", "content": "\u203c CVE-2022-21642 \u203c\n\nDiscourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this issue and users are advised to upgrade.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-05T22:40:20.000000Z"}, {"uuid": "d3027b29-dc0a-42e9-be24-42ccea5668d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21649", "type": "seen", "source": "https://t.me/cibsecurity/34967", "content": "\u203c CVE-2022-21649 \u203c\n\nConvos is an open source multi-user chat that runs in a web browser. Characters starting with \"https://\" in the chat window create an tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for \"<\" or \">\" but escaping for double quotes does not exist. Through this vulnerability, an attacker is capable to execute malicious scripts. Users are advised to update as soon as possible.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-05T00:39:25.000000Z"}, {"uuid": "391e93f0-4c4d-4f17-926e-10a3df32e11e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21644", "type": "seen", "source": "https://t.me/cibsecurity/34960", "content": "\u203c CVE-2022-21644 \u203c\n\nUSOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are advised to upgrade as soon as possible. There are not workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-04T22:38:39.000000Z"}, {"uuid": "3c81a4c7-693f-4a97-8257-55ed9ead91d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21643", "type": "seen", "source": "https://t.me/cibsecurity/34958", "content": "\u203c CVE-2022-21643 \u203c\n\nUSOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users are advised to upgrade as soon as possible. There are not workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-04T22:38:36.000000Z"}, {"uuid": "ad6487c3-b0d3-452c-a70f-5c569e1bc9fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21647", "type": "seen", "source": "https://t.me/cibsecurity/34956", "content": "\u203c CVE-2022-21647 \u203c\n\nCodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the `old()` function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a working exploit, which can lead to SQL injection. Users are advised to upgrade to v4.1.6 or later. Users unable to upgrade as advised to not use the `old()` function and form_helper nor `RedirectResponse::withInput()` and `redirect()->withInput()`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-04T22:38:32.000000Z"}, {"uuid": "6d01cdb3-998e-4985-bc7c-c2667ce8c16e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21648", "type": "seen", "source": "https://t.me/cibsecurity/34955", "content": "\u203c CVE-2022-21648 \u203c\n\nLatte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the versions 2.8.8, 2.9.6 and 2.10.8. Users unable to upgrade should not accept template input from untrusted sources.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-04T22:38:29.000000Z"}]}