{"vulnerability": "CVE-2022-3001", "sightings": [{"uuid": "ada663dc-1643-40a5-ab2b-b2003c39ca0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30015", "type": "seen", "source": "https://t.me/cibsecurity/43201", "content": "\u203c CVE-2022-30015 \u203c\n\nIn Simple Food Website 1.0, a moderation can put the Cross Site Scripting Payload in any of the fields on http://127.0.0.1:1234/food/admin/all_users.php like Full Username, etc .This causes stored xss.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-24T03:23:22.000000Z"}, {"uuid": "9301f6fc-1fa4-421d-8613-2cb855f4e82e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30013", "type": "seen", "source": "https://t.me/cibsecurity/42742", "content": "\u203c CVE-2022-30013 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrary web scripts via a JavaScript embedded PDF file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-16T18:26:35.000000Z"}, {"uuid": "edae9db0-faf6-41db-b535-defc2b5deceb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30017", "type": "seen", "source": "https://t.me/cibsecurity/43179", "content": "\u203c CVE-2022-30017 \u203c\n\nRescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-23T20:41:59.000000Z"}, {"uuid": "f9a5a547-6442-4243-8ff8-c6d2ecb44033", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30014", "type": "seen", "source": "https://t.me/cibsecurity/43180", "content": "\u203c CVE-2022-30014 \u203c\n\nLumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to takeover admin/moderater account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-23T20:42:00.000000Z"}, {"uuid": "956fbc53-c080-466b-977b-81a744496cb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30011", "type": "seen", "source": "https://t.me/cibsecurity/42728", "content": "\u203c CVE-2022-30011 \u203c\n\nIn HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-16T16:26:20.000000Z"}, {"uuid": "e5979e5b-b77d-46c2-966a-2200f8f4bfc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3001", "type": "seen", "source": "https://t.me/cibsecurity/49825", "content": "\u203c CVE-2022-3001 \u203c\n\nThis vulnerability exists in Milesight Video Management Systems (VMS), all firmware versions prior to 40.7.0.79-r1, due to improper input handling at camera\u00e2\u20ac\u2122s web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted network camera. Successful exploitation of this vulnerability could allow the attacker to cause a Denial of Service condition on the targeted device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-15T18:27:46.000000Z"}, {"uuid": "31c2d7c0-7120-44a7-93cb-8f1e20078345", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30018", "type": "seen", "source": "https://t.me/cibsecurity/42986", "content": "\u203c CVE-2022-30018 \u203c\n\nMobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Protected Credentials, Storing Passwords in a Recoverable Format via the MxCC.ini config file. The credential storage method in this software enables an attacker/user of the machine to gain admin access to the software and gain access to recordings/recording locations.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-19T19:58:26.000000Z"}, {"uuid": "01398b03-9d56-4a37-a07f-b86bccbf9e1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30012", "type": "seen", "source": "https://t.me/cibsecurity/42729", "content": "\u203c CVE-2022-30012 \u203c\n\nIn the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-16T16:26:21.000000Z"}, {"uuid": "fdad2a81-0e56-42cc-af51-bc195c3d32c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30016", "type": "seen", "source": "https://t.me/cibsecurity/43181", "content": "\u203c CVE-2022-30016 \u203c\n\nRescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=system_info.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-23T20:42:01.000000Z"}]}