{"vulnerability": "CVE-2022-2168", "sightings": [{"uuid": "4c3a24ef-832c-4a7b-94dc-ffa1db602a7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2168", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-2168.yaml", "content": "", "creation_timestamp": "2025-04-06T08:48:29.000000Z"}, {"uuid": "cb7db6e1-cb57-46dd-baa6-f2f61bd8470a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2168", "type": "seen", "source": "https://t.me/cibsecurity/46384", "content": "\u203c CVE-2022-2168 \u203c\n\nThe Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-17T14:27:41.000000Z"}, {"uuid": "6e95de2d-bb42-4e1a-93e7-c30119725965", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21686", "type": "seen", "source": "https://t.me/cibsecurity/36340", "content": "\u203c CVE-2022-21686 \u203c\n\nPrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-26T22:19:50.000000Z"}, {"uuid": "74d590b1-3552-4923-8a33-d4883869ed27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21689", "type": "seen", "source": "https://t.me/cibsecurity/35753", "content": "\u203c CVE-2022-21689 \u203c\n\nOnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions the receive mode limits concurrent uploads to 100 per second and blocks other uploads in the same second, which can be triggered by a simple script. An adversary with access to the receive mode can block file upload for others. There is no way to block this attack in public mode due to the anonymity properties of the tor network.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-19T00:25:03.000000Z"}, {"uuid": "580a0bbb-6429-46f0-8f80-f07ffb22bba8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21688", "type": "seen", "source": "https://t.me/cibsecurity/35750", "content": "\u203c CVE-2022-21688 \u203c\n\nOnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing. Roughly 20 bytes lead to 2GB memory consumption and this can be triggered multiple times. To be abused, this vulnerability requires rendering in the history tab, so some user interaction is required. An adversary with knowledge of the Onion service address in public mode or with authentication in private mode can perform a Denial of Service attack, which quickly results in out-of-memory for the server. This requires the desktop application with rendered history, therefore the impact is only elevated. This issue has been patched in version 2.5.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-19T00:24:59.000000Z"}, {"uuid": "f4606338-a5b0-46cb-b7d0-b3a47fff16c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21689", "type": "seen", "source": "https://t.me/kasraone_com/464", "content": "\ud83d\udd34 CVE-2022-21689: OnionShare\n\n\u06cc\u06a9 \u0627\u0628\u0632\u0627\u0631 \u0645\u0646\u0628\u0639 \u0628\u0627\u0632 \u0627\u0633\u062a \u06a9\u0647 \u0628\u0647 \u0634\u0645\u0627 \u0627\u0645\u06a9\u0627\u0646 \u0645\u06cc\u200c\u062f\u0647\u062f \u0628\u0647 \u0635\u0648\u0631\u062a \u0627\u0645\u0646 \u0648 \u0646\u0627\u0634\u0646\u0627\u0633 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627 \u0631\u0627 \u0628\u0647 \u0627\u0634\u062a\u0631\u0627\u06a9 \u0628\u06af\u0630\u0627\u0631\u06cc\u062f\u060c \u0648\u0628\u0633\u0627\u06cc\u062a\u200c\u0647\u0627 \u0631\u0627 \u0645\u06cc\u0632\u0628\u0627\u0646\u06cc \u06a9\u0646\u06cc\u062f \u0648 \u0628\u0627 \u062f\u0648\u0633\u062a\u0627\u0646 \u062e\u0648\u062f \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0634\u0628\u06a9\u0647 \u062a\u0648\u0631 \u0686\u062a \u06a9\u0646\u06cc\u062f. \u062f\u0631 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631\u060c \u062d\u0627\u0644\u062a \u062f\u0631\u06cc\u0627\u0641\u062a \u0645\u062d\u062f\u0648\u062f\u06cc\u062a \u0622\u067e\u0644\u0648\u062f \u0647\u0645\u0632\u0645\u0627\u0646 \u0631\u0627 \u0628\u0647 \u06f1\u06f0\u06f0 \u062f\u0631 \u062b\u0627\u0646\u06cc\u0647 \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u062f\u0647\u062f \u0648 \u0622\u067e\u0644\u0648\u062f \u062f\u06cc\u06af\u0631 \u0631\u0627 \u062f\u0631 \u0647\u0645\u0627\u0646 \u062b\u0627\u0646\u06cc\u0647 \u0645\u0633\u062f\u0648\u062f \u0645\u06cc\u200c\u06a9\u0646\u062f\u060c \u06a9\u0647 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u062a\u0648\u0633\u0637 \u06cc\u06a9 \u0627\u0633\u06a9\u0631\u06cc\u067e\u062a \u0633\u0627\u062f\u0647 \u0641\u0639\u0627\u0644 \u0634\u0648\u062f. \u06cc\u06a9 \u062d\u0631\u06cc\u0641 \u0628\u0627 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u062d\u0627\u0644\u062a \u062f\u0631\u06cc\u0627\u0641\u062a \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0628\u0627\u0631\u06af\u0630\u0627\u0631\u06cc \u0641\u0627\u06cc\u0644 \u0628\u0631\u0627\u06cc \u062f\u06cc\u06af\u0631\u0627\u0646 \u0631\u0627 \u0645\u0633\u062f\u0648\u062f \u06a9\u0646\u062f. \u062f\u0631 \u062d\u0627\u0644\u062a \u0639\u0645\u0648\u0645\u06cc\u060c \u0628\u0647 \u062f\u0644\u0627\u06cc\u0644 \u0646\u0627\u0634\u0646\u0627\u0633 \u0628\u0648\u062f\u0646 \u0634\u0628\u06a9\u0647 \u062a\u0648\u0631\u060c \u0647\u064a\u0686 \u0631\u0627\u0647\u064a \u0628\u0631\u0627\u06cc \u062c\u0644\u0648\u06af\u064a\u0631\u064a \u0627\u0632 \u0627\u064a\u0646 \u062d\u0645\u0644\u0627\u062a \u0648\u062c\u0648\u062f \u0646\u062f\u0627\u0631\u062f.", "creation_timestamp": "2023-08-17T05:03:10.000000Z"}, {"uuid": "e31f9a40-daa9-4641-9f42-8e35b9f83f6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21681", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12954", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-21681\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.\n\ud83d\udccf Published: 2022-01-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-22T18:33:29.916Z\n\ud83d\udd17 References:\n1. https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj\n2. https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5\n3. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/", "creation_timestamp": "2025-04-22T19:03:49.000000Z"}, {"uuid": "3407fa55-3a12-4e07-ab03-b3a85eed6137", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21680", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12953", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-21680\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.\n\ud83d\udccf Published: 2022-01-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-22T18:33:37.402Z\n\ud83d\udd17 References:\n1. https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf\n2. https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0\n3. https://github.com/markedjs/marked/releases/tag/v4.0.10\n4. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/", "creation_timestamp": "2025-04-22T19:03:49.000000Z"}, {"uuid": "b9fd45aa-af76-44bd-ae6b-ed2ec01bc1a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21680", "type": "seen", "source": "https://t.me/cibsecurity/35571", "content": "\u203c CVE-2022-21680 \u203c\n\nMarked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-14T21:03:40.000000Z"}]}