{"vulnerability": "CVE-2022-4314", "sightings": [{"uuid": "f1fadee4-4885-4051-bd21-4b4ce9358e6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43144", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3180", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aPoC to exploit CVE-2022-43144\nURL\uff1ahttps://github.com/mudassiruddin/CVE-2022-43144-Stored-XSS\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-05T21:09:22.000000Z"}, {"uuid": "bfd4cf70-fd59-4c56-ab89-160144f64870", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43143", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13914", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43143\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container.\n\ud83d\udccf Published: 2022-11-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-29T19:53:02.672Z\n\ud83d\udd17 References:\n1. https://github.com/beekeeper-studio/beekeeper-studio/issues/1393", "creation_timestamp": "2025-04-29T20:12:37.000000Z"}, {"uuid": "14b149cb-199d-47b5-830c-24934bad3835", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43142", "type": "seen", "source": "https://t.me/cibsecurity/53086", "content": "\u203c CVE-2022-43142 \u203c\n\nA cross-site scripting (XSS) vulnerability in the add-fee.php component of Password Storage Application v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-17T22:17:46.000000Z"}, {"uuid": "05566a23-01ee-4b89-955a-2874227d1f3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43140", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14033", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43140\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter.\n\ud83d\udccf Published: 2022-11-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T14:07:01.062Z\n\ud83d\udd17 References:\n1. https://github.com/kekingcn/kkFileView/issues/392", "creation_timestamp": "2025-04-30T14:12:56.000000Z"}, {"uuid": "ab6cd411-3daf-4303-80e3-581f27ae9173", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4314", "type": "seen", "source": "https://t.me/cibsecurity/54349", "content": "\u203c CVE-2022-4314 \u203c\n\nImproper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-12T20:21:15.000000Z"}, {"uuid": "157f8acd-b741-4e3d-b6a7-70d7640e0703", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43143", "type": "seen", "source": "https://t.me/cibsecurity/53288", "content": "\u203c CVE-2022-43143 \u203c\n\nA cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-22T00:37:20.000000Z"}, {"uuid": "fd04cd42-68e1-4f81-ac92-66a6eb469bac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43140", "type": "seen", "source": "https://t.me/cibsecurity/53072", "content": "\u203c CVE-2022-43140 \u203c\n\nkkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-17T20:17:52.000000Z"}, {"uuid": "c0f787fc-e755-4618-b578-0f6c10940878", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43144", "type": "seen", "source": "https://t.me/cibsecurity/52699", "content": "\u203c CVE-2022-43144 \u203c\n\nA cross-site scripting (XSS) vulnerability in Canteen Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-09T02:40:34.000000Z"}, {"uuid": "edd8232d-d41e-4ef9-ae35-5057f4c15a0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43144", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7116", "content": "#exploit\n1. CVE-2022-43144:\nXSS vulnerability in Canteen Management System v.1.0\u00a0\nhttps://github.com/mudassiruddin/CVE-2022-43144-Stored-XSS\n\n2. CVE-2022-2586:\ngcc exploit.c -o exploit -lmnl -lnftnl -no-pie -lpthread\nhttps://github.com/sniper404ghostxploit/CVE-2022-2586", "creation_timestamp": "2022-11-07T11:00:17.000000Z"}]}