{"vulnerability": "CVE-2022-4143", "sightings": [{"uuid": "f2106d3f-727c-41d7-96e8-0eb8ae69ffe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4143", "type": "seen", "source": "https://t.me/cibsecurity/65689", "content": "\u203c CVE-2022-4143 \u203c\n\nAn issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows for crafted, unapproved MRs to be introduced and merged without authorization\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-29T00:13:24.000000Z"}, {"uuid": "9247af1f-d15d-40aa-a977-f7b8ce4d3acb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41436", "type": "seen", "source": "https://t.me/cibsecurity/51517", "content": "\u203c CVE-2022-41436 \u203c\n\nAn issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via browsing to the URL http://device_ip/index1.html.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-15T00:29:28.000000Z"}, {"uuid": "46c08725-4ac0-4447-856e-a80458b06882", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41435", "type": "seen", "source": "https://t.me/cibsecurity/52500", "content": "\u203c CVE-2022-41435 \u203c\n\nOpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-03T15:20:30.000000Z"}, {"uuid": "cc00e4c3-3504-4e48-af52-111313dc19ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41431", "type": "seen", "source": "https://t.me/cibsecurity/51641", "content": "\u203c CVE-2022-41431 \u203c\n\nxzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-18T00:13:34.000000Z"}, {"uuid": "6e2c6c76-9bb3-4490-912d-5bd64a9afc00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41437", "type": "seen", "source": "https://t.me/cibsecurity/50768", "content": "\u203c CVE-2022-41437 \u203c\n\nBilling System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-18T05:53:03.000000Z"}, {"uuid": "d22f4d80-d48a-474a-9b68-dfe0a882f3b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41439", "type": "seen", "source": "https://t.me/cibsecurity/50772", "content": "\u203c CVE-2022-41439 \u203c\n\nBilling System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-30T18:36:13.000000Z"}]}