{"vulnerability": "CVE-2022-2458", "sightings": [{"uuid": "02cb443c-905b-4bc7-a61f-113fb1e6c704", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24584", "type": "seen", "source": "https://t.me/cibsecurity/42421", "content": "\u203c CVE-2022-24584 \u203c\n\nIncorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. The Yubico OTP supposedly creates hardware bound second factor credentials. When a user reprograms the OTP functionality by \"writing\" it on a token using the Yubico Personalization Tool, they can then upload the new configuration to Yubicos OTP validation servers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-11T22:34:44.000000Z"}, {"uuid": "706ab1e0-48fc-4ed0-a883-040159a9587c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24588", "type": "seen", "source": "https://t.me/cibsecurity/37501", "content": "\u203c CVE-2022-24588 \u203c\n\nFlatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T18:34:37.000000Z"}, {"uuid": "1bb67abd-bce3-47fa-a6e2-d556c799bd3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24589", "type": "seen", "source": "https://t.me/cibsecurity/37534", "content": "\u203c CVE-2022-24589 \u203c\n\nBurden v3.0 was discovered to contain a stored cross-site scripting (XSS) in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the task parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-20T15:24:52.000000Z"}, {"uuid": "04ad0a4f-e7ff-4f05-9259-482239187d24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24585", "type": "seen", "source": "https://t.me/cibsecurity/37497", "content": "\u203c CVE-2022-24585 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T18:34:31.000000Z"}, {"uuid": "926115d7-ca28-4180-b9d7-5f336918bd4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24587", "type": "seen", "source": "https://t.me/cibsecurity/37494", "content": "\u203c CVE-2022-24587 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T18:34:27.000000Z"}, {"uuid": "a2f84cd3-a0ca-4aae-a306-6d3339011417", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24586", "type": "seen", "source": "https://t.me/cibsecurity/37489", "content": "\u203c CVE-2022-24586 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T16:34:30.000000Z"}, {"uuid": "e9289ef0-b53d-4fa4-a696-1822c6f128ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24582", "type": "seen", "source": "https://t.me/cibsecurity/37999", "content": "\u203c CVE-2022-24582 \u203c\n\nAccounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking. The parameter manage_user from User lists is vulnerable to XSS-Stored and PHPSESSID attacks. The malicious user can attack the system by using the already session which he has from inside and outside of the network.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-24T18:14:52.000000Z"}]}