{"vulnerability": "CVE-2022-4137", "sightings": [{"uuid": "f81c50bb-970b-45e9-a40b-3d3df2364acd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4137", "type": "seen", "source": "https://t.me/cibsecurity/71017", "content": "\u203c CVE-2022-4137 \u203c\n\nA reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-26T00:34:30.000000Z"}, {"uuid": "2c809dfd-fcf6-4577-94aa-838b235762ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4137", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwwto35toi2m", "content": "", "creation_timestamp": "2025-08-21T21:02:36.491354Z"}, {"uuid": "c2897259-f6e1-4b08-bc5f-1187323e1c3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41376", "type": "seen", "source": "https://t.me/cibsecurity/51134", "content": "\u203c CVE-2022-41376 \u203c\n\nMetro UI v4.4.0 to v4.5.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Javascript function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-11T20:26:10.000000Z"}, {"uuid": "f9460903-78a3-4169-af87-4b7bdc9c08fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41378", "type": "seen", "source": "https://t.me/cibsecurity/51002", "content": "\u203c CVE-2022-41378 \u203c\n\nOnline Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=inventory/manage_inventory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-07T22:17:31.000000Z"}, {"uuid": "c7f214c5-6144-4dc9-912b-49d804f12897", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41377", "type": "seen", "source": "https://t.me/cibsecurity/51011", "content": "\u203c CVE-2022-41377 \u203c\n\nOnline Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-07T22:17:46.000000Z"}, {"uuid": "87d75afc-dfac-4713-94b8-f54821896c3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41379", "type": "seen", "source": "https://t.me/cibsecurity/51017", "content": "\u203c CVE-2022-41379 \u203c\n\nAn arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-07T22:17:54.000000Z"}]}