{"vulnerability": "CVE-2022-4217", "sightings": [{"uuid": "54174b35-7409-4b59-ab09-da9ca536c7fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42175", "type": "seen", "source": "https://t.me/cibsecurity/65944", "content": "\u203c CVE-2022-42175 \u203c\n\nInsecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-05T07:19:54.000000Z"}, {"uuid": "ec4767fb-aea6-4cda-b230-8cb35fa447be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4217", "type": "seen", "source": "https://t.me/cibsecurity/53924", "content": "\u203c CVE-2022-4217 \u203c\n\nThe Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-03T00:53:21.000000Z"}, {"uuid": "4fa59e79-d378-4131-be8d-0b54624bd078", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42171", "type": "seen", "source": "https://t.me/cibsecurity/51589", "content": "\u203c CVE-2022-42171 \u203c\n\nTenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-17T18:13:15.000000Z"}, {"uuid": "32eba8b0-f3dc-4aed-8946-22a7cf420250", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42170", "type": "seen", "source": "https://t.me/cibsecurity/51582", "content": "\u203c CVE-2022-42170 \u203c\n\nTenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-17T18:13:06.000000Z"}, {"uuid": "2fa773a7-274c-4cb2-a1d1-2a7f0bb11da5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42176", "type": "seen", "source": "https://t.me/cibsecurity/51886", "content": "\u203c CVE-2022-42176 \u203c\n\nIn PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-20T18:21:16.000000Z"}]}