{"vulnerability": "CVE-2022-4214", "sightings": [{"uuid": "78eeee54-7b16-4ee5-8e8e-7ba4a7b2c83c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42149", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16418", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42149\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\\OnlinePreviewController.java.\n\ud83d\udccf Published: 2022-10-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-14T20:50:37.368Z\n\ud83d\udd17 References:\n1. https://github.com/xiaojiangxl/paper/blob/main/kkFileView/ssrf_vul_en.md", "creation_timestamp": "2025-05-14T21:32:24.000000Z"}, {"uuid": "c0bae914-4a66-46d7-9782-c94278a8b3d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42147", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16423", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42147\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\\ Filecontroller.java.\n\ud83d\udccf Published: 2022-10-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-14T20:42:42.279Z\n\ud83d\udd17 References:\n1. https://github.com/xiaojiangxl/paper/blob/main/kkFileView/xss_vul_en.md", "creation_timestamp": "2025-05-14T21:32:30.000000Z"}, {"uuid": "4f216b1b-114b-42bc-9436-fa9480eb11d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42142", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16426", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42142\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Online Tours &amp; Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php.\n\ud83d\udccf Published: 2022-10-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-14T20:38:01.451Z\n\ud83d\udd17 References:\n1. https://github.com/xd201qaz/bug_report/blob/main/vendors/mayuri_k/online-tours-travels-management-system/RCE-1.md", "creation_timestamp": "2025-05-14T21:32:33.000000Z"}, {"uuid": "d13c3eed-0df6-4409-8c0d-249661a31215", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42141", "type": "seen", "source": "https://t.me/cibsecurity/54486", "content": "\u203c CVE-2022-42141 \u203c\n\nDelta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-14T02:21:56.000000Z"}, {"uuid": "c2ae7230-4f84-42d0-8d7a-6dfabb3c3283", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42143", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16425", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42143\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_payment.php.\n\ud83d\udccf Published: 2022-10-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-14T20:39:06.687Z\n\ud83d\udd17 References:\n1. https://github.com/xd201qaz/bug_report/blob/main/vendors/mayuri_k/open-source-sacco-management-system/SQLi-1.md", "creation_timestamp": "2025-05-14T21:32:32.000000Z"}, {"uuid": "7515c58e-d783-412b-8884-b108dd97ee90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4214", "type": "seen", "source": "https://t.me/arpsyndicate/70", "content": "#ExploitObserverAlert\n\nCVE-2022-4214\n\nDESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-4214. The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\nFIRST-EPSS: 0.000720000\nNVD-IS: 2.7\nNVD-ES: 2.8", "creation_timestamp": "2023-11-10T22:38:42.000000Z"}, {"uuid": "e8acc7a8-014c-4563-9ccb-ee025f3706b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42140", "type": "seen", "source": "https://t.me/cibsecurity/54488", "content": "\u203c CVE-2022-42140 \u203c\n\nDelta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-14T02:21:57.000000Z"}, {"uuid": "1ccc90e4-46bc-42bc-99eb-686b5d2109dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42149", "type": "seen", "source": "https://t.me/cibsecurity/51643", "content": "\u203c CVE-2022-42149 \u203c\n\nkkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\\OnlinePreviewController.java.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-18T00:13:39.000000Z"}, {"uuid": "bbdf8269-6d90-47c8-b923-7bf8ccd989ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42142", "type": "seen", "source": "https://t.me/cibsecurity/51645", "content": "\u203c CVE-2022-42142 \u203c\n\nOnline Tours &amp; Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-18T00:13:40.000000Z"}, {"uuid": "2e20e900-9387-4b50-835f-52c81b24511c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42143", "type": "seen", "source": "https://t.me/cibsecurity/51640", "content": "\u203c CVE-2022-42143 \u203c\n\nOpen Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_payment.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-18T00:13:33.000000Z"}, {"uuid": "e5570aa1-51cd-41e8-abc9-3c1fb18f3f71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42147", "type": "seen", "source": "https://t.me/cibsecurity/51636", "content": "\u203c CVE-2022-42147 \u203c\n\nkkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\\ Filecontroller.java.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-18T00:13:29.000000Z"}]}