{"vulnerability": "CVE-2022-3587", "sightings": [{"uuid": "0012f4d8-c97b-4915-a3fe-019fe511d017", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3587", "type": "seen", "source": "https://t.me/cibsecurity/51662", "content": "\u203c CVE-2022-3587 \u203c\n\nA vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component My Account. The manipulation of the argument First Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211201 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-18T16:13:58.000000Z"}, {"uuid": "bcb31b76-97f0-4864-9ebb-4bdff5e1ffcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35872", "type": "seen", "source": "https://t.me/cibsecurity/46960", "content": "\u203c CVE-2022-35872 \u203c\n\nThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17115.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-25T22:33:32.000000Z"}, {"uuid": "a8418757-dd7b-4a4d-9351-09a9b87efbb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35870", "type": "seen", "source": "https://t.me/cibsecurity/46959", "content": "\u203c CVE-2022-35870 \u203c\n\nThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within com.inductiveautomation.metro.impl. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17265.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-25T22:33:31.000000Z"}, {"uuid": "9a99df03-933b-4433-87b0-793ed3d68a6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35873", "type": "seen", "source": "https://t.me/cibsecurity/46958", "content": "\u203c CVE-2022-35873 \u203c\n\nThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted data in a ZIP file can cause the application to execute arbitrary Python scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16949.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-25T22:33:29.000000Z"}, {"uuid": "f0692e7c-83a5-4f65-b1cb-336df86999f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35871", "type": "seen", "source": "https://t.me/cibsecurity/46948", "content": "\u203c CVE-2022-35871 \u203c\n\nThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the execution of python code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17206.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-25T22:33:17.000000Z"}]}