{"vulnerability": "cve-2022-4710", "sightings": [{"uuid": "9ea6c75c-12ac-4289-9467-6567fb25a1a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47100", "type": "seen", "source": "https://t.me/cibsecurity/57013", "content": "\u203c CVE-2022-47100 \u203c\n\nA vulnerability in Sengled Smart bulb 0x0000024 allows attackers to arbitrarily perform a factory reset on the device via a crafted IEEE 802.15.4 frame.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-27T00:47:08.000000Z"}, {"uuid": "0557db9c-a8d1-448d-aab0-9d1679d36fb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4710", "type": "seen", "source": "https://t.me/cibsecurity/56241", "content": "\u203c CVE-2022-4710 \u203c\n\nThe Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_fetch' function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is occurring because 'sanitize_text_field' is insufficient to prevent attribute-based Cross-Site Scripting\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-10T20:28:34.000000Z"}, {"uuid": "fdb80765-855e-43ff-a7c6-784700c74719", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47102", "type": "seen", "source": "https://t.me/cibsecurity/56452", "content": "\u203c CVE-2022-47102 \u203c\n\nA cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-13T00:30:31.000000Z"}, {"uuid": "28d28289-0e8c-486d-a5dd-8f575dcb1a9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47105", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10308", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-47105\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData.\n\ud83d\udccf Published: 2023-01-19T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-03T18:04:07.526Z\n\ud83d\udd17 References:\n1. https://github.com/jeecgboot/jeecg-boot/issues/4393", "creation_timestamp": "2025-04-03T18:35:40.000000Z"}]}