{"vulnerability": "CVE-2022-2858", "sightings": [{"uuid": "650dbd88-73d9-4040-ba04-98bbad9e10be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28582", "type": "seen", "source": "https://t.me/cibsecurity/42048", "content": "\u203c CVE-2022-28582 \u203c\n\nIt is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-05T22:36:46.000000Z"}, {"uuid": "2e3ba157-8f5d-47f3-8be7-dd35c1a8c1aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28585", "type": "seen", "source": "https://t.me/cibsecurity/41836", "content": "\u203c CVE-2022-28585 \u203c\n\nEmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-03T22:35:49.000000Z"}, {"uuid": "d67ae035-c959-47fd-83be-d2564e400d91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28588", "type": "seen", "source": "https://t.me/cibsecurity/41838", "content": "\u203c CVE-2022-28588 \u203c\n\nIn SpringBootMovie &lt;=1.2 when adding movie names, malicious code can be stored because there are no filtering parameters, resulting in stored XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-03T22:35:51.000000Z"}, {"uuid": "78a9d373-af30-451b-a8d4-256fa6bc120b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28589", "type": "seen", "source": "https://t.me/cibsecurity/41813", "content": "\u203c CVE-2022-28589 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=add_new\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-03T18:28:48.000000Z"}, {"uuid": "52be3e8d-0b9d-4a3a-b9db-19506b8bcf99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2858", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17189", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-2858\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction.\n\ud83d\udccf Published: 2022-09-26T15:01:14.000Z\n\ud83d\udccf Modified: 2025-05-21T19:12:12.706Z\n\ud83d\udd17 References:\n1. https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html\n2. https://crbug.com/1341918\n3. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/", "creation_timestamp": "2025-05-21T19:43:01.000000Z"}, {"uuid": "82ae963d-2a11-4e63-a967-03b4c62135de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28580", "type": "seen", "source": "https://t.me/cibsecurity/42057", "content": "\u203c CVE-2022-28580 \u203c\n\nIt is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-05T22:37:01.000000Z"}, {"uuid": "2c9ded0f-250e-4c8e-a7de-d9848d04c118", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28584", "type": "seen", "source": "https://t.me/cibsecurity/42056", "content": "\u203c CVE-2022-28584 \u203c\n\nIt is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-05T22:37:00.000000Z"}, {"uuid": "13928bf9-cdac-464d-aea9-166e1f4c377a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28583", "type": "seen", "source": "https://t.me/cibsecurity/42054", "content": "\u203c CVE-2022-28583 \u203c\n\nIt is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-05T22:36:58.000000Z"}, {"uuid": "5ed33d6b-700c-4a34-9583-708bff5e3fce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28581", "type": "seen", "source": "https://t.me/cibsecurity/42051", "content": "\u203c CVE-2022-28581 \u203c\n\nIt is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-05T22:36:52.000000Z"}, {"uuid": "0d7d4d74-deda-4515-9f2d-43d62230aa2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28586", "type": "seen", "source": "https://t.me/cibsecurity/41375", "content": "\u203c CVE-2022-28586 \u203c\n\nXSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-25T16:36:07.000000Z"}]}