{"vulnerability": "CVE-2022-3613", "sightings": [{"uuid": "daa3dc49-a267-4681-b855-1c46c8d616b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36137", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13434", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-36137\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader.\n\ud83d\udccf Published: 2022-11-29T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T14:57:34.693Z\n\ud83d\udd17 References:\n1. https://github.com/ChurchCRM/CRM/releases/tag/4.4.5\n2. https://grimthereaperteam.medium.com/churchcrm-version-4-4-5-stored-xss-vulnerability-at-sheader-2ed4184030f7", "creation_timestamp": "2025-04-25T15:07:32.000000Z"}, {"uuid": "d4edfa2e-53d1-49ac-bbf0-ecea7349701d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36133", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13495", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-36133\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass.\n\ud83d\udccf Published: 2022-11-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T17:31:19.789Z\n\ud83d\udd17 References:\n1. https://download.epson-biz.com/epson/epson_public_document.php?name=Infomation_history.pdf\n2. https://download.epson-biz.com/modules/colorworks/", "creation_timestamp": "2025-04-25T18:08:32.000000Z"}, {"uuid": "9ffa4e54-5c32-45ef-b094-0eaa1160e61e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36136", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13433", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-36136\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment.\n\ud83d\udccf Published: 2022-11-29T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T14:58:26.534Z\n\ud83d\udd17 References:\n1. https://github.com/ChurchCRM/CRM/releases/tag/4.4.5\n2. https://grimthereaperteam.medium.com/churchcrm-version-4-4-5-stored-xss-vulnerability-at-deposit-commend-839d2c587d6e", "creation_timestamp": "2025-04-25T15:07:31.000000Z"}, {"uuid": "b15a770d-dfa6-4de9-adbd-aad6807d33a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36131", "type": "seen", "source": "https://t.me/cibsecurity/46791", "content": "\u203c CVE-2022-36131 \u203c\n\nThe Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to stored XSS via a crafted description to the PDF Templates overview page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-22T16:19:12.000000Z"}, {"uuid": "89933f4e-9d0e-4401-bffc-c6998f1d2f5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3613", "type": "seen", "source": "https://t.me/cibsecurity/56414", "content": "\u203c CVE-2022-3613 \u203c\n\nAn issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus Server query can cause high resource consumption and may lead to Denial of Service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-12T07:30:07.000000Z"}, {"uuid": "956dd71b-81c5-4224-9b48-89b323a20c9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36137", "type": "seen", "source": "https://t.me/cibsecurity/53631", "content": "\u203c CVE-2022-36137 \u203c\n\nChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-29T07:28:47.000000Z"}, {"uuid": "5c169a6e-1593-41ac-a9e1-e04ea78fc35b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36133", "type": "seen", "source": "https://t.me/cibsecurity/53492", "content": "\u203c CVE-2022-36133 \u203c\n\nThe WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-25T12:15:10.000000Z"}]}