{"vulnerability": "CVE-2022-25813", "sightings": [{"uuid": "fba270a8-0863-4312-8964-107af1b7d190", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25813", "type": "seen", "source": "https://t.me/arpsyndicate/2041", "content": "#ExploitObserverAlert\n\nCVE-2022-25813\n\nDESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-25813. In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message \u201cSubject\u201d field from the \"Contact us\" page. Then a party manager needs to list the communications in the party component to activate the SSTI. A RCE is then possible.\n\nFIRST-EPSS: 0.004820000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-12-20T15:42:12.000000Z"}]}