{"vulnerability": "CVE-2022-47187", "sightings": [{"uuid": "683f008e-39e4-40b7-8f3f-e8de6e389a3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47187", "type": "published-proof-of-concept", "source": "https://t.me/ETHICALHACKERSCOMMUNITY2/2163", "content": "Thunderstorm is a modular framework to exploit UPS devices.  For now, only the CS-141 and NetMan 204 exploits will be available. The beta version of the framework will be released on the future.\n  CVE  Thunderstorm is currently capable of exploiting the following CVE:    CVE-2022-47186 \u2013 Unrestricted file Upload # [CS-141]  CVE-2022-47187 \u2013 Cross-Site Scripting via File upload # [CS-141]  CVE-2022-47188 \u2013 Arbitrary local file read via file upload # [CS-141]  CVE-2022-47189 \u2013 Denial of Service via file upload # [CS-141]  CVE-2022-47190 \u2013 Remote Code Execution (https://www.kitploit.com/search/label/Remote%20Code%20Execution) via file upload # [CS-141]  CVE-2022-47191 \u2013 Privilege Escalation (https://www.kitploit.com/search/label/Privilege%20Escalation) via file upload # [CS-141]  CVE-2022-47192 \u2013 Admin password reset via file upload # [CS-141]  CVE-2022-47891 \u2013 Admin password reset # [NetMan 204]  CVE-2022-47892 \u2013 Sensitive Information Disclosure (https://www.kitploit.com/search/label/Information%20Disclosure) # [NetMan 204]  CVE-2022-47893 \u2013 Remote Code Execution via file upload # [NetMan 204]    Requirements    Python 3  Install requirements.txt    Download  It is recommended to clone the complete repository or download the zip file.  You can do this by running the following command:  git clone https://github.com/JoelGMSec/Thunderstorm\n  Also, you probably need to download the original and the custom firmware.  You can download all requirements from here:  https://darkbyte.net/links/thunderstorm.php  Usage  - To be disclosed\n\n  The detailed guide of use can be found at the following link:    To be disclosed    License  This project is licensed under the GNU 3.0 license - see the LICENSE file for more details.  Credits and Acknowledgments  This tool has been created and designed from scratch by Joel G\u00e1mez Molina // @JoelGMSec  Contact  This software does not offer any kind of guarantee. Its use is exclusive for educational environments and / or security audits with the corresponding consent of the client. I am not responsible for its misuse or for any possible damage caused by it.  For more information, you can find me on Twitter as @JoelGMSec (https://twitter.com/JoelGMSec) and on my blog darkbyte.net (https://darkbyte.net/).  \n\nDownload Thunderstorm (https://github.com/JoelGMSec/Thunderstorm)", "creation_timestamp": "2023-03-06T18:07:35.000000Z"}, {"uuid": "443d4f62-a44d-4205-9dea-2cb9ba37639d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47187", "type": "seen", "source": "https://t.me/cibsecurity/71195", "content": "\u203c CVE-2022-47187 \u203c\n\nThere is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-17T01:10:29.000000Z"}]}