{"vulnerability": "CVE-2022-3690", "sightings": [{"uuid": "dbce4454-4d92-4f11-8f11-0b0d0b1dd814", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36904", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m3kvbkk6wnh2", "content": "", "creation_timestamp": "2025-10-19T18:06:48.046967Z"}, {"uuid": "93c2ae17-6eaf-42cc-bf44-f41da25e5f97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3690", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13871", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3690\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins\n\ud83d\udccf Published: 2022-11-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-29T16:20:14.498Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/725f6ae4-7ec5-4d7c-9533-c9b61b59cc2b", "creation_timestamp": "2025-04-29T17:12:03.000000Z"}, {"uuid": "c65f5554-b66a-404b-9078-b3a45a03da3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36903", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m3kb2yynzmw2", "content": "", "creation_timestamp": "2025-10-19T15:39:07.049187Z"}, {"uuid": "1f37326d-e7cd-4f1e-9701-b6021e075aec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36903", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3m3kpfudtee2s", "content": "", "creation_timestamp": "2025-10-19T16:20:18.008886Z"}, {"uuid": "efabdf05-2a14-44ae-9f29-5f65c3a83b68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36905", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m3h44jb2cc42", "content": "", "creation_timestamp": "2025-10-18T05:57:11.074672Z"}, {"uuid": "7c84ba65-154e-4073-96f4-2f3f518c8395", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36907", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m3hqaxo3wcn2", "content": "", "creation_timestamp": "2025-10-18T11:58:00.202400Z"}, {"uuid": "1bfc2407-bcb7-4a29-8267-ebae1790f7ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36906", "type": "seen", "source": "https://t.me/cibsecurity/47110", "content": "\u203c CVE-2022-36906 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:52:45.000000Z"}, {"uuid": "641f72ad-cd6a-4d9e-8f6c-efa954656016", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36902", "type": "seen", "source": "https://t.me/cibsecurity/47072", "content": "\u203c CVE-2022-36902 \u203c\n\nJenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:46:39.000000Z"}, {"uuid": "e18c37a4-5fc7-4b15-a4b4-94e839d1de79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36901", "type": "seen", "source": "https://t.me/cibsecurity/47103", "content": "\u203c CVE-2022-36901 \u203c\n\nJenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:50:04.000000Z"}, {"uuid": "cf907913-8a6f-486b-99b4-960afb87e4d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36907", "type": "seen", "source": "https://t.me/cibsecurity/47088", "content": "\u203c CVE-2022-36907 \u203c\n\nA missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:49:39.000000Z"}, {"uuid": "186bff2d-fb86-4de2-a933-a63563b0cceb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36909", "type": "seen", "source": "https://t.me/cibsecurity/47087", "content": "\u203c CVE-2022-36909 \u203c\n\nA missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:49:39.000000Z"}, {"uuid": "46c7dd20-cae7-4ad5-a2c2-de1bbbbb6997", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36908", "type": "seen", "source": "https://t.me/cibsecurity/47086", "content": "\u203c CVE-2022-36908 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:49:38.000000Z"}]}