{"vulnerability": "CVE-2022-3603", "sightings": [{"uuid": "452a9f2d-d6b3-4a1a-8898-da302018acaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3603", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3linm6med622p", "content": "", "creation_timestamp": "2025-02-21T01:01:53.915568Z"}, {"uuid": "e7ccb63b-d942-4b2e-a5dc-4a445373a56e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3603", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13515", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3603\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection.\n\ud83d\udccf Published: 2022-11-28T13:47:22.384Z\n\ud83d\udccf Modified: 2025-04-25T19:57:21.447Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/376e2bc7-2eb9-4e0a-809c-1582940ebdc7", "creation_timestamp": "2025-04-25T20:07:56.000000Z"}, {"uuid": "9f2df9aa-2b5d-49e9-b620-2315415d01c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36033", "type": "seen", "source": "https://t.me/ctinow/181628", "content": "https://ift.tt/aESQ4rq\nCVE-2022-36033 | Oracle Banking Virtual Account Management up to 14.7.0 Common Core cross site scripting", "creation_timestamp": "2024-02-08T21:11:45.000000Z"}, {"uuid": "3a3a3b39-22eb-411a-8b94-9b418b1d9aea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36033", "type": "seen", "source": "https://t.me/ctinow/181629", "content": "https://ift.tt/vqrBkRj\nCVE-2022-36033 | Oracle Financial Services Lending and Leasing up to 14.7.0 Internal Operations cross site scripting", "creation_timestamp": "2024-02-08T21:11:46.000000Z"}, {"uuid": "3af6de3d-f208-4366-8047-98ce4bba33a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36033", "type": "seen", "source": "https://t.me/ctinow/181619", "content": "https://ift.tt/Hhmr4LS\nCVE-2022-36033 | Oracle Banking Electronic Data Exchange for Corporates up to 14.7.0 Reports cross site scripting", "creation_timestamp": "2024-02-08T20:42:00.000000Z"}, {"uuid": "e291ae77-ef02-4775-8d94-8c4e0c50ff19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36033", "type": "seen", "source": "https://t.me/ctinow/181618", "content": "https://ift.tt/ACbIoDf\nCVE-2022-36033 | Oracle Banking Corporate Lending Process Management up to 14.7.0 Base cross site scripting", "creation_timestamp": "2024-02-08T20:41:59.000000Z"}, {"uuid": "a7c28eab-cd0e-4a69-ad15-9f174420df94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36033", "type": "seen", "source": "https://t.me/ctinow/181660", "content": "https://ift.tt/BhfklEg\nCVE-2022-36033 | Oracle FLEXCUBE Enterprise Limits and Collateral Management Infrastructure unknown vulnerability", "creation_timestamp": "2024-02-08T22:16:20.000000Z"}, {"uuid": "f0751434-5403-4be0-a3a9-d771fe4d8a1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36033", "type": "seen", "source": "https://t.me/ctinow/181607", "content": "https://ift.tt/zPJUSuR\nCVE-2022-36033 | Oracle Banking Branch up to 14.7.0 Reports cross site scripting", "creation_timestamp": "2024-02-08T20:11:16.000000Z"}, {"uuid": "db61771d-13af-40f7-a682-ff2a3f2bc7cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36036", "type": "seen", "source": "https://t.me/cibsecurity/49003", "content": "\u203c CVE-2022-36036 \u203c\n\nmdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was patched in version(s) 1.3.0 and 2.0.0-rc2. There are currently no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-29T22:34:26.000000Z"}, {"uuid": "4c1a37cc-034d-4b9e-bbf8-9ade70907882", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36032", "type": "seen", "source": "https://t.me/cibsecurity/49346", "content": "\u203c CVE-2022-36032 \u203c\n\nReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like `__Host-` and `__Secure-` confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. This issue is fixed in ReactPHP HTTP version 1.7.0. As a workaround, Infrastructure or DevOps can place a reverse proxy in front of the ReactPHP HTTP server to filter out any unexpected `Cookie` request headers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-06T22:13:36.000000Z"}, {"uuid": "48116fbd-79d1-45f9-aa94-aee5ca8d4660", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36038", "type": "seen", "source": "https://t.me/cibsecurity/49342", "content": "\u203c CVE-2022-36038 \u203c\n\nCircuitVerse is an open-source platform which allows users to construct digital logic circuits online. A remote code execution (RCE) vulnerability in CircuitVerse allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This issue may lead to Remote Code Execution (RCE). A patch is available in commit number 7b3023a99499a7675f10f2c1d9effdf10c35fb6e. There are currently no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-06T22:13:31.000000Z"}, {"uuid": "95b61dc1-2f26-440e-b4f5-f8238d9fc5bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36035", "type": "seen", "source": "https://t.me/cibsecurity/49107", "content": "\u203c CVE-2022-36035 \u203c\n\nFlux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy. Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allows other applications to replace the Flux deployment information with arbitrary content which is deployed into the target Kubernetes cluster instead. The vulnerability is due to the improper handling of user-supplied input, which results in a path traversal that can be controlled by the attacker. Users sharing the same shell between other applications and the Flux CLI commands could be affected by this vulnerability. In some scenarios no errors may be presented, which may cause end users not to realize that something is amiss. A safe workaround is to execute Flux CLI in ephemeral and isolated shell environments, which can ensure no persistent values exist from previous processes. However, upgrading to the latest version of the CLI is still the recommended mitigation strategy.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-31T18:36:55.000000Z"}, {"uuid": "42a8664a-a862-4e54-a35c-6ed31cd2026e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36033", "type": "seen", "source": "https://t.me/cibsecurity/48990", "content": "\u203c CVE-2022-36033 \u203c\n\njsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version. Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version. To remediate this issue without immediately upgrading: - disable `SafeList.preserveRelativeLinks`, which will rewrite input URLs as absolute URLs - ensure an appropriate [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) is defined. (This should be used regardless of upgrading, as a defence-in-depth best practice.)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-29T20:34:19.000000Z"}, {"uuid": "31c75915-fca2-42d7-b53d-211437263bdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36037", "type": "seen", "source": "https://t.me/cibsecurity/49005", "content": "\u203c CVE-2022-36037 \u203c\n\nkirby is a content management system (CMS) that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting (XSS) is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful script can for example trigger requests to Kirby's API with the permissions of the victim. If bad actors gain access to your group of authenticated Panel users they can escalate their privileges via the Panel session of an admin user. Depending on your site, other JavaScript-powered attacks are possible. The multiselect field allows selection of tags from an autocompleted list. Unfortunately, the Panel in Kirby 3.5 used HTML rendering for the raw option value. This allowed **attackers with influence on the options source** to store HTML code. The browser of the victim who visited a page with manipulated multiselect options in the Panel will then have rendered this malicious HTML code when the victim opened the autocomplete dropdown. Users are *not* affected by this vulnerability if you don't use the multiselect field or don't use it with options that can be manipulated by attackers. The problem has been patched in Kirby 3.5.8.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-29T22:34:28.000000Z"}, {"uuid": "27a6bde7-049a-4c54-98f0-eed85df20f2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36034", "type": "seen", "source": "https://t.me/cibsecurity/48989", "content": "\u203c CVE-2022-36034 \u203c\n\nnitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS with lib input of `{{` and with many repetitions of `{{|`. This issue has been patched in all versions above `0.2.5`. There are currently no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-29T20:34:17.000000Z"}, {"uuid": "6fbb65df-b460-44af-a3d5-4f0058a36aea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36030", "type": "seen", "source": "https://t.me/cibsecurity/48465", "content": "\u203c CVE-2022-36030 \u203c\n\nProject-nexus is a general-purpose blog website framework. Affected versions are subject to SQL injection due to a lack of sensitization of user input. This issue has not yet been patched. Users are advised to restrict user input and to upgrade when a new release becomes available.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-20T07:18:03.000000Z"}, {"uuid": "953982ce-bd79-44ff-81ba-bd512fe2cc23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36031", "type": "seen", "source": "https://t.me/cibsecurity/48462", "content": "\u203c CVE-2022-36031 \u203c\n\nDirectus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the `filename_disk` value to a folder and accessing that file through the `/assets` endpoint. This vulnerability has been patched and release v9.15.0 contains the fix. Users are advised to upgrade. Users unable to upgrade may prevent this problem by making sure no (untrusted) non-admin users have permissions to update the `filename_disk` field on `directus_files`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-20T00:17:47.000000Z"}]}