{"vulnerability": "CVE-2022-2957", "sightings": [{"uuid": "75d05a5a-3712-46f2-8a2c-1b8d75774853", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29578", "type": "seen", "source": "https://t.me/cibsecurity/45104", "content": "\u203c CVE-2022-29578 \u203c\n\nMeridian Cooperative Utility Software versions 22.02 and 22.03 allows remote attackers to obtain sensitive information such as name, address, and daily energy usage.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-24T20:31:08.000000Z"}, {"uuid": "820d9c4e-19c9-42ed-be4d-3f418d218f8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29577", "type": "seen", "source": "https://t.me/cibsecurity/41294", "content": "\u203c CVE-2022-29577 \u203c\n\nOWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-22T02:27:09.000000Z"}, {"uuid": "a881a61d-4543-43c5-9e1a-95b2dad009d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29577", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwrspzui2225", "content": "", "creation_timestamp": "2025-08-19T21:02:27.036604Z"}, {"uuid": "18dba0fb-370f-494a-a6eb-bfbd60bd3a85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2957", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11805", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-2957\n\ud83d\udd25 CVSS Score: 6.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation of the argument mem_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207001 was assigned to this vulnerability.\n\ud83d\udccf Published: 2022-08-25T06:10:11.000Z\n\ud83d\udccf Modified: 2025-04-15T13:48:18.683Z\n\ud83d\udd17 References:\n1. https://s1.ax1x.com/2022/08/14/vUSruD.png\n2. https://vuldb.com/?id.207001", "creation_timestamp": "2025-04-15T13:54:26.000000Z"}, {"uuid": "dd463de5-cc1f-4853-9099-10896a04ac15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2957", "type": "seen", "source": "https://t.me/cibsecurity/48696", "content": "\u203c CVE-2022-2957 \u203c\n\nA vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation of the argument mem_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207001 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-25T12:28:25.000000Z"}]}