{"vulnerability": "CVE-2022-4307", "sightings": [{"uuid": "ac6f8a73-d2ab-4913-a50e-9a49211369b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4307", "type": "seen", "source": "https://t.me/cibsecurity/56834", "content": "\u203c CVE-2022-4307 \u203c\n\nThe ?????? ?????? ?????? WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege users such as admin visits a page from the plugin.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-23T18:25:00.000000Z"}, {"uuid": "92e3c93b-e524-46ce-a85f-b85030de5fdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4307", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10099", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4307\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The \u067e\u0644\u0627\u06af\u06cc\u0646 \u067e\u0631\u062f\u0627\u062e\u062a \u062f\u0644\u062e\u0648\u0627\u0647 WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege users such as admin visits a page from the plugin.\n\ud83d\udccf Published: 2023-01-23T14:31:29.119Z\n\ud83d\udccf Modified: 2025-04-02T15:24:55.434Z\n\ud83d\udd17 References:\n1. 
https://wpscan.com/vulnerability/4000ba69-d73f-4c5b-a299-82898304cebb", "creation_timestamp": "2025-04-02T15:33:27.000000Z"}, {"uuid": "e32feba3-373b-4849-b7bd-97f018a92d82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43071", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14104", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43071\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.\n\ud83d\udccf Published: 2022-11-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T18:01:31.596Z\n\ud83d\udd17 References:\n1. https://forum.xpdfreader.com/viewtopic.php?f=3&t=42349&p=43959#p43959", "creation_timestamp": "2025-04-30T18:14:08.000000Z"}, {"uuid": "f2860dcd-7e29-468e-94f7-d9f45619bc9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43076", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14901", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43076\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in /admin/edit-admin.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtemail parameter.\n\ud83d\udccf Published: 2022-11-01T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T16:13:21.359Z\n\ud83d\udd17 References:\n1. 
https://github.com/Tr0e/CVE_Hunter/blob/main/XSS-1.md", "creation_timestamp": "2025-05-05T16:19:49.000000Z"}, {"uuid": "d9ed07ee-494a-4690-8698-2a520daf3ab3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43078", "type": "seen", "source": "https://t.me/cibsecurity/52383", "content": "\u203c CVE-2022-43078 \u203c\n\nA cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-01T17:14:03.000000Z"}, {"uuid": "0f3efc93-b11a-4d1f-b093-62fe3e208cf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43079", "type": "seen", "source": "https://t.me/cibsecurity/52375", "content": "\u203c CVE-2022-43079 \u203c\n\nA cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-01T17:13:52.000000Z"}, {"uuid": "e1ebd95b-b378-4dc5-bc2a-20935d9110fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43076", "type": "seen", "source": "https://t.me/cibsecurity/52372", "content": "\u203c CVE-2022-43076 \u203c\n\nA cross-site scripting (XSS) vulnerability in /admin/edit-admin.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtemail parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability 
Database\".", "creation_timestamp": "2022-11-01T17:13:46.000000Z"}, {"uuid": "2bd7a9c4-c31d-488a-b041-ad1403bdabe6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43074", "type": "seen", "source": "https://t.me/cibsecurity/52863", "content": "\u203c CVE-2022-43074 \u203c\n\nAyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-13T05:39:08.000000Z"}]}