{"vulnerability": "CVE-2022-3513", "sightings": [{"uuid": "296b84e9-331f-4b53-a0ef-bacd72b67e67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35136", "type": "seen", "source": "https://t.me/cibsecurity/51371", "content": "\u203c CVE-2022-35136 \u203c\n\nBoodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T02:28:14.000000Z"}, {"uuid": "965b883a-1117-457a-adc3-c1aff9d55b17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3513", "type": "seen", "source": "https://t.me/cibsecurity/61513", "content": "\u203c CVE-2022-3513 \u203c\n\nAn issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims on self-hosted instances running without strict CSP.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-06T00:26:39.000000Z"}, {"uuid": "01ab4bb7-9adc-4abb-88ed-76962b351221", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3513", "type": "seen", "source": "Telegram/UwQ5OgWVo7aKA_MFyw2Uo86nAuQKZQ2mmzbOBNvya2NdLySt", "content": "", "creation_timestamp": "2025-02-14T10:03:10.000000Z"}, {"uuid": "a8688186-5421-4d54-9782-dc8e0f322a68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35137", "type": "seen", "source": "https://t.me/cibsecurity/50739", "content": "\u203c CVE-2022-35137 \u203c\n\nDGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-29T22:35:19.000000Z"}, {"uuid": "881cc967-2766-4fb1-a7c3-3687b56439e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35134", "type": "seen", "source": "https://t.me/cibsecurity/51382", "content": "\u203c CVE-2022-35134 \u203c\n\nBoodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T02:28:26.000000Z"}, {"uuid": "cc224fc5-518d-4236-9909-181ee591ced4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35135", "type": "seen", "source": "https://t.me/cibsecurity/51374", "content": "\u203c CVE-2022-35135 \u203c\n\nBoodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T02:28:17.000000Z"}, {"uuid": "49b59e2f-c955-4f29-bb10-613cf26705cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35131", "type": "seen", "source": "https://t.me/cibsecurity/46965", "content": "\u203c CVE-2022-35131 \u203c\n\nJoplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-26T00:33:23.000000Z"}, {"uuid": "aca3d6dc-08a6-436c-bb5e-1d982ea8422c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35133", "type": "seen", "source": "https://t.me/cibsecurity/48301", "content": "\u203c CVE-2022-35133 \u203c\n\nA cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-18T00:40:40.000000Z"}]}