{"vulnerability": "CVE-2022-3987", "sightings": [{"uuid": "facf1306-e3ec-4203-bc27-d2fd15a5141d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3987", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12225", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3987\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks\n\ud83d\udccf Published: 2022-12-19T13:41:47.729Z\n\ud83d\udccf Modified: 2025-04-17T13:41:59.141Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/d9309a09-34ba-4e56-b683-e677ad277b29", "creation_timestamp": "2025-04-17T13:57:53.000000Z"}, {"uuid": "814fe2ed-2d7e-4a4f-bc28-b410959dd45d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3987", "type": "seen", "source": "https://t.me/cibsecurity/54862", "content": "\u203c CVE-2022-3987 \u203c\n\nThe Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-19T16:10:36.000000Z"}, {"uuid": "371ab06c-fa96-43b6-882f-a2448b5b8f7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39879", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14395", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-39879\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid.\n\ud83d\udccf Published: 2022-11-09T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-01T19:35:10.233Z\n\ud83d\udd17 References:\n1. https://security.samsungmobile.com/securityUpdate.smsb?year=2022&amp;month=11", "creation_timestamp": "2025-05-01T20:15:58.000000Z"}, {"uuid": "c77722f4-0284-4486-b166-9863594b454c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39879", "type": "seen", "source": "https://t.me/cibsecurity/52740", "content": "\u203c CVE-2022-39879 \u203c\n\nImproper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-10T00:36:44.000000Z"}, {"uuid": "635576f3-3e07-40b7-8d77-b7bb40b37833", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39877", "type": "seen", "source": "https://t.me/cibsecurity/50976", "content": "\u203c CVE-2022-39877 \u203c\n\nImproper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-07T18:17:47.000000Z"}, {"uuid": "24b0f09e-d24c-4929-912d-df72da5edcee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39874", "type": "seen", "source": "https://t.me/cibsecurity/50989", "content": "\u203c CVE-2022-39874 \u203c\n\nSensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-07T18:18:03.000000Z"}, {"uuid": "a5e3e287-5933-4542-ad61-2df27e0ce7f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39872", "type": "seen", "source": "https://t.me/cibsecurity/50988", "content": "\u203c CVE-2022-39872 \u203c\n\nImproper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-07T18:18:01.000000Z"}, {"uuid": "9b6c06de-e734-4d8b-b68d-dc6fbd703196", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39878", "type": "seen", "source": "https://t.me/cibsecurity/50986", "content": "\u203c CVE-2022-39878 \u203c\n\nImproper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-07T18:17:59.000000Z"}, {"uuid": "a104420b-f676-4f09-9e1a-c8dccb319fb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39871", "type": "seen", "source": "https://t.me/cibsecurity/50985", "content": "\u203c CVE-2022-39871 \u203c\n\nImproper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-07T18:17:58.000000Z"}, {"uuid": "51e2299b-46fe-4679-8b90-c06615790e59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39875", "type": "seen", "source": "https://t.me/cibsecurity/50980", "content": "\u203c CVE-2022-39875 \u203c\n\nImproper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-07T18:17:52.000000Z"}, {"uuid": "36cac2ae-23f4-4882-92e8-7a625eab1112", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39870", "type": "seen", "source": "https://t.me/cibsecurity/50979", "content": "\u203c CVE-2022-39870 \u203c\n\nImproper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-07T18:17:51.000000Z"}]}