{"vulnerability": "CVE-2022-2723", "sightings": [{"uuid": "e121708f-4e45-4578-a683-5b78f3920ed7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27231", "type": "seen", "source": "https://t.me/cibsecurity/44246", "content": "\u203c CVE-2022-27231 \u203c\n\nCross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-13T12:17:38.000000Z"}, {"uuid": "cdc1605f-de8a-4ba7-93a2-ef979d5be329", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27237", "type": "seen", "source": "https://t.me/cibsecurity/41217", "content": "\u203c CVE-2022-27237 \u203c\n\nThere is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install G Web Development 2022 R1 or later, or install Static Test Software Suite version 1.2 or later.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-21T12:26:34.000000Z"}, {"uuid": "1adfa000-e2f2-47bb-992f-085d41b60b10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2723", "type": "seen", "source": "https://t.me/cibsecurity/47772", "content": "\u203c CVE-2022-2723 \u203c\n\nA vulnerability was found in SourceCodester Employee Management System. It has been classified as critical. Affected is an unknown function of the file /process/eprocess.php. The manipulation of the argument mailuid/pwd leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205836.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-04T02:09:17.000000Z"}, {"uuid": "1deccae3-1bab-4645-8ef6-c7ed9aa134d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27239", "type": "seen", "source": "https://t.me/cibsecurity/41503", "content": "\u203c CVE-2022-27239 \u203c\n\nIn cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-27T18:13:16.000000Z"}, {"uuid": "71e43320-5174-4f8d-ad91-80e46b9c0923", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27234", "type": "seen", "source": "https://t.me/cibsecurity/58394", "content": "\u203c CVE-2022-27234 \u203c\n\nServer-side request forgery in the CVAT software maintained by Intel(R) before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-17T00:12:42.000000Z"}, {"uuid": "2d5b3e8a-0398-4fc8-ac1c-4d61bd4c8b9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27235", "type": "seen", "source": "https://t.me/cibsecurity/46826", "content": "\u203c CVE-2022-27235 \u203c\n\nMultiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-22T20:23:32.000000Z"}, {"uuid": "93fce2a2-efaa-4d7e-a418-e4748c99257a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27238", "type": "seen", "source": "https://t.me/cibsecurity/45115", "content": "\u203c CVE-2022-27238 \u203c\n\nBigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross-Site Scripting (XSS) in the private chat functionality. A threat actor could inject JavaScript payload in his/her username. The payload gets executed in the browser of the victim each time the attacker sends a private message to the victim or when notification about the attacker leaving room is displayed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-24T20:31:21.000000Z"}]}