{"vulnerability": "CVE-2022-3206", "sightings": [{"uuid": "bb94fa0e-117a-42e0-b106-16e177277466", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32060", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7234", "content": "#exploit\n1. Workaround for CVE-2022-41923: Privilege Management Vulnerability\nhttps://github.com/grails/GSSC-CVE-2022-41923\n\n2. CVE-2022-32060:\nSnipe-IT v.6.0.2 - arbitrary file upload\nhttps://github.com/bypazs/CVE-2022-32060\n\n3. CVE-2022-45472:\nDOM Based XSS\nhttps://github.com/nicbrinkley/CVE-2022-45472", "creation_timestamp": "2022-11-24T15:40:59.000000Z"}, {"uuid": "b041d605-9eb7-4339-9160-768a976163c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3206", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16398", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3206\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named \"passster\" using base64 encoding method which is easy to decode. This puts the password at risk in case the cookies get leaked.\n\ud83d\udccf Published: 2022-10-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-14T20:15:49.826Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/a8963750-62bf-403e-a906-94f371ed2a7a", "creation_timestamp": "2025-05-14T20:32:27.000000Z"}, {"uuid": "15643e88-c2c2-4a1e-b73a-d46087151513", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32060", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1498", "content": "#exploit\n1. Workaround for CVE-2022-41923: Privilege Management Vulnerability\nhttps://github.com/grails/GSSC-CVE-2022-41923\n\n2. CVE-2022-32060:\nSnipe-IT v.6.0.2 - arbitrary file upload\nhttps://github.com/bypazs/CVE-2022-32060\n\n3. CVE-2022-45472:\nDOM Based XSS\nhttps://github.com/nicbrinkley/CVE-2022-45472", "creation_timestamp": "2022-11-26T15:13:50.000000Z"}, {"uuid": "a77b8803-b3ff-42dd-8968-0297e6149f2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3206", "type": "seen", "source": "https://t.me/cibsecurity/51561", "content": "\u203c CVE-2022-3206 \u203c\n\nThe Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named \"passster\" using base64 encoding method which is easy to decode. This puts the password at risk in case the cookies get leaked.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-17T16:13:03.000000Z"}, {"uuid": "a21a41f4-8513-4d31-95df-9df602567f74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32065", "type": "seen", "source": "https://t.me/cibsecurity/46166", "content": "\u203c CVE-2022-32065 \u203c\n\nAn arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-13T18:26:25.000000Z"}]}