{"vulnerability": "CVE-2022-2305", "sightings": [{"uuid": "d2c1faa2-6404-4440-abb7-fd7adfb61e40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23054", "type": "seen", "source": "https://t.me/cibsecurity/37853", "content": "\u203c CVE-2022-23054 \u203c\n\nOpenmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the \u00e2\u20ac\u0153Summary Widget\u00e2\u20ac\ufffd element, that allows the injection of malicious JavaScript into the \u00e2\u20ac\u02dcURL\u00e2\u20ac\u2122 field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-20T22:40:42.000000Z"}, {"uuid": "4bdff0b0-42d6-4b93-b64a-fe0033f6730f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23050", "type": "seen", "source": "https://t.me/cibsecurity/43292", "content": "\u203c CVE-2022-23050 \u203c\n\nManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-24T22:37:10.000000Z"}, {"uuid": "b9df7a7c-45a2-465f-b3ef-7ae5fdd816be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23051", "type": "seen", "source": "https://t.me/cibsecurity/38401", "content": "\u203c CVE-2022-23051 \u203c\n\nPeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svg_file' parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-04T00:26:41.000000Z"}, {"uuid": "e74a4cdd-88c4-4ab5-96ee-ac793f7ccb09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23052", "type": "seen", "source": "https://t.me/cibsecurity/38393", "content": "\u203c CVE-2022-23052 \u203c\n\nPeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-04T00:26:33.000000Z"}, {"uuid": "737cbb20-ec98-4385-8ab9-88fa72be79e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23059", "type": "seen", "source": "https://t.me/cibsecurity/39718", "content": "\u203c CVE-2022-23059 \u203c\n\nA Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions v2.0.2 through v2.17.0 via the \u00e2\u20ac\u0153Manage Images\u00e2\u20ac\ufffd tab, which allows an attacker to upload a SVG file containing malicious JavaScript code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T15:01:04.000000Z"}, {"uuid": "bdda8ee8-9c2d-458b-abb2-676b9fbca843", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23053", "type": "seen", "source": "https://t.me/cibsecurity/37848", "content": "\u203c CVE-2022-23053 \u203c\n\nOpenmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the \u00e2\u20ac\u0153Condition Widget\u00e2\u20ac\ufffd element, that allows the injection of malicious JavaScript into the \u00e2\u20ac\u02dcURL\u00e2\u20ac\u2122 field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-20T22:40:31.000000Z"}]}