{"vulnerability": "CVE-2022-4369", "sightings": [{"uuid": "ddaf6c64-6885-4180-9fbe-79f91679d836", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43694", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14052", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43694\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output.\n\ud83d\udccf Published: 2022-11-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T15:07:29.250Z\n\ud83d\udd17 References:\n1. https://github.com/concretecms/concretecms/releases/9.1.3\n2. https://github.com/concretecms/concretecms/releases/8.5.10\n3. https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes\n4. https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes\n5. https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31", "creation_timestamp": "2025-04-30T15:13:33.000000Z"}, {"uuid": "ca21728f-d754-4b62-b001-7dd78bfd466a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43693", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14050", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43693\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Concrete CMS is vulnerable to CSRF due to the lack of \"State\" parameter for external Concrete authentication service for users of Concrete who use the \"out of the box\" core OAuth.\n\ud83d\udccf Published: 2022-11-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T15:09:16.135Z\n\ud83d\udd17 References:\n1. https://github.com/concretecms/concretecms/releases/9.1.3\n2. https://github.com/concretecms/concretecms/releases/8.5.10\n3. https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes\n4. https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes\n5. https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31", "creation_timestamp": "2025-04-30T15:13:31.000000Z"}, {"uuid": "a7b6a24d-848e-4b66-a4a6-456225ed424e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43698", "type": "seen", "source": "https://t.me/cibsecurity/62212", "content": "\u203c CVE-2022-43698 \u203c\n\nOX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-15T07:26:30.000000Z"}, {"uuid": "70907406-e418-4749-925a-ae50b8c74942", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4369", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11311", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4369\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The WP-Lister Lite for Amazon WordPress plugin before 2.4.4 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high-privilege users such as admin.\n\ud83d\udccf Published: 2023-01-02T21:49:33.453Z\n\ud83d\udccf Modified: 2025-04-10T18:37:17.812Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/460a01e5-7ce5-4d49-b068-a93ea1fba0e3", "creation_timestamp": "2025-04-10T18:49:27.000000Z"}, {"uuid": "f21f66ea-0a95-4f3f-a5e2-f7536e0d27a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4369", "type": "seen", "source": "https://t.me/cibsecurity/55752", "content": "\u203c CVE-2022-4369 \u203c\n\nThe WP-Lister Lite for Amazon WordPress plugin before 2.4.4 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high-privilege users such as admin.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-04T11:55:22.000000Z"}, {"uuid": "a83faebe-4f07-4b94-aa83-2ba54d6d4013", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43699", "type": "seen", "source": "https://t.me/cibsecurity/62209", "content": "\u203c CVE-2022-43699 \u203c\n\nOX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-15T07:26:27.000000Z"}, {"uuid": "7e428901-f957-4c97-8c37-ab2a23ecd59e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43697", "type": "seen", "source": "https://t.me/cibsecurity/62206", "content": "\u203c CVE-2022-43697 \u203c\n\nOX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-15T07:26:21.000000Z"}, {"uuid": "f957d015-9f30-4809-9480-5b291b40e6f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43696", "type": "seen", "source": "https://t.me/cibsecurity/62205", "content": "\u203c CVE-2022-43696 \u203c\n\nOX App Suite before 7.10.6-rev20 allows XSS via upsell ads.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-15T07:26:20.000000Z"}, {"uuid": "27a57f2a-e013-42e8-b74f-55915f3dc4b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43693", "type": "seen", "source": "https://t.me/cibsecurity/52973", "content": "\u203c CVE-2022-43693 \u203c\n\nConcrete CMS is vulnerable to CSRF due to the lack of \"State\" parameter for external Concrete authentication service for users of Concrete who use the \"out of the box\" core OAuth.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-16T07:51:40.000000Z"}]}