{"vulnerability": "CVE-2022-4131", "sightings": [{"uuid": "44dbc80e-3d56-4272-9426-1afe60737a39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41313", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8665", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41313\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id=\"switch_contact\"\n\ud83d\udccf Published: 2023-02-07T16:52:03.195Z\n\ud83d\udccf Modified: 2025-03-25T14:13:43.703Z\n\ud83d\udd17 References:\n1. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1619\n2. https://www.moxa.com/en/support/product-support/security-advisory/sds-3008-series-multiple-web-vulnerabilities", "creation_timestamp": "2025-03-25T14:24:19.000000Z"}, {"uuid": "ea167c4c-f1f0-4e1c-8130-f51c52936920", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41312", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8664", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41312\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id=\"Switch Description\", name \"switch_description\"\n\ud83d\udccf Published: 2023-02-07T16:52:03.117Z\n\ud83d\udccf Modified: 2025-03-25T14:14:23.557Z\n\ud83d\udd17 References:\n1. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1619\n2. https://www.moxa.com/en/support/product-support/security-advisory/sds-3008-series-multiple-web-vulnerabilities", "creation_timestamp": "2025-03-25T14:24:18.000000Z"}, {"uuid": "be2248f0-7efb-4a8d-ae1c-4c23b365e179", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4131", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10939", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4131\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in how the application parses user agents.\n\ud83d\udccf Published: 2023-01-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-08T16:27:37.240Z\n\ud83d\udd17 References:\n1. https://gitlab.com/gitlab-org/gitlab/-/issues/383598\n2. https://hackerone.com/reports/1772063\n3. https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4131.json", "creation_timestamp": "2025-04-08T16:46:25.000000Z"}, {"uuid": "15a99f1c-1ef1-44d0-b195-54ceda022be8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41318", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11685", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41318\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.\n\ud83d\udccf Published: 2022-12-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T18:33:53.348Z\n\ud83d\udd17 References:\n1. https://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78\n2. http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch\n3. http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch\n4. https://www.openwall.com/lists/oss-security/2022/09/23/2", "creation_timestamp": "2025-04-14T18:54:16.000000Z"}, {"uuid": "7eb41152-06b5-4a99-9350-049888af9101", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41317", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11684", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41317\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.\n\ud83d\udccf Published: 2022-12-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T18:34:22.370Z\n\ud83d\udd17 References:\n1. https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq\n2. http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch\n3. http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch\n4. https://www.openwall.com/lists/oss-security/2022/09/23/1", "creation_timestamp": "2025-04-14T18:54:15.000000Z"}, {"uuid": "aade8618-671a-4db9-8f9d-9c280211d796", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41311", "type": "seen", "source": "https://t.me/cibsecurity/57688", "content": "\u203c CVE-2022-41311 \u203c\n\nA stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id=\"webLocationMessage_text\" name=\"webLocationMessage_text\"\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-07T20:24:07.000000Z"}, {"uuid": "df2f7e96-b4ad-4cf8-8e98-baf7bbdf3bf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41310", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15321", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41310\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.\n\ud83d\udccf Published: 2022-10-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-07T14:56:52.763Z\n\ud83d\udd17 References:\n1. https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004", "creation_timestamp": "2025-05-07T15:22:37.000000Z"}, {"uuid": "2559fd2e-09e5-46c4-80fd-b395b26d0eba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4131", "type": "seen", "source": "https://t.me/cibsecurity/56410", "content": "\u203c CVE-2022-4131 \u203c\n\nAn issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in how the application parses user agents.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-12T07:30:04.000000Z"}, {"uuid": "7163135a-d6e1-4b5b-b254-c426961f379f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41313", "type": "seen", "source": "https://t.me/cibsecurity/57686", "content": "\u203c CVE-2022-41313 \u203c\n\nA stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id=\"switch_contact\"\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-07T20:45:27.000000Z"}, {"uuid": "7bb4918f-b246-4d7c-88ea-d10359ed0de2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41312", "type": "seen", "source": "https://t.me/cibsecurity/57685", "content": "\u203c CVE-2022-41312 \u203c\n\nA stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id=\"Switch Description\", name \"switch_description\"\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-07T20:24:04.000000Z"}, {"uuid": "e2f7d867-1119-4c99-9e3a-1bbda047c807", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41317", "type": "seen", "source": "https://t.me/cibsecurity/55313", "content": "\u203c CVE-2022-41317 \u203c\n\nAn issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-25T22:40:15.000000Z"}, {"uuid": "f58c264d-93ab-430a-b25d-0abef71d076a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41318", "type": "seen", "source": "https://t.me/cibsecurity/55318", "content": "\u203c CVE-2022-41318 \u203c\n\nA buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-25T22:40:23.000000Z"}, {"uuid": "11e47374-4ea5-486c-80da-a7e8cc51dadd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41315", "type": "seen", "source": "https://t.me/cibsecurity/53130", "content": "\u203c CVE-2022-41315 \u203c\n\nAuth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin <= 2.8.8 on WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-18T02:18:16.000000Z"}, {"uuid": "98c33c43-04fb-4b25-9c52-f35a6b10b838", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41319", "type": "seen", "source": "https://t.me/cibsecurity/50303", "content": "\u203c CVE-2022-41319 \u203c\n\nA Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI). This affects versions before 9.8 (e.g., 9.1 through 9.7).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T12:13:09.000000Z"}]}