{"vulnerability": "CVE-2022-4236", "sightings": [{"uuid": "08658982-f472-4e60-87ff-2d059b93d7a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42367", "type": "seen", "source": "https://t.me/cibsecurity/54724", "content": "\u203c CVE-2022-42367 \u203c\n\nAdobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-16T18:34:40.000000Z"}, {"uuid": "7050e4e6-ac7e-41a7-81f0-0f7266c8a18e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42363", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m6bew4trwm2x", "content": "", "creation_timestamp": "2025-11-23T03:34:09.899777Z"}, {"uuid": "cd32404b-c25c-49b6-a53a-8974b343c520", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4236", "type": "seen", "source": "https://t.me/arpsyndicate/167", "content": "#ExploitObserverAlert\n\nCVE-2022-4236\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-4236. The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server.\n\nFIRST-EPSS: 0.000490000\nNVD-IS: 3.6\nNVD-ES: 2.8", "creation_timestamp": "2023-11-13T19:56:56.000000Z"}, {"uuid": "b1bda064-8680-4056-bc20-efdc6bd1c5d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42364", "type": "seen", "source": "https://t.me/cibsecurity/54922", "content": "\u203c CVE-2022-42364 \u203c\n\nAdobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-19T22:27:59.000000Z"}, {"uuid": "eb042c1d-162c-4f20-93c1-64831097829e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4236", "type": "seen", "source": "https://t.me/cibsecurity/55766", "content": "\u203c CVE-2022-4236 \u203c\n\nThe Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-03T00:17:05.000000Z"}, {"uuid": "6addf817-d6f0-4b7f-9524-6e28db35d231", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42365", "type": "seen", "source": "https://t.me/cibsecurity/54896", "content": "\u203c CVE-2022-42365 \u203c\n\nAdobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-19T22:21:52.000000Z"}, {"uuid": "c3489ee9-bb0a-4894-a705-0b53cad39ccb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42362", "type": "seen", "source": "https://t.me/cibsecurity/54911", "content": "\u203c CVE-2022-42362 \u203c\n\nAdobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-19T22:23:22.000000Z"}]}