{"vulnerability": "CVE-2022-3829", "sightings": [{"uuid": "87c3e963-ff14-44d8-b750-fdd00af0ea6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38292", "type": "seen", "source": "https://t.me/cibsecurity/49617", "content": "\u203c CVE-2022-38292 \u203c\n\nSLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-13T00:25:00.000000Z"}, {"uuid": "a3d12cc4-2355-419a-bf51-fc9d394d52c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38291", "type": "seen", "source": "https://t.me/cibsecurity/49616", "content": "\u203c CVE-2022-38291 \u203c\n\nSLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-13T00:24:59.000000Z"}, {"uuid": "0a557edc-5249-42dc-914d-233a2e5300ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3829", "type": "seen", "source": "https://t.me/ctinow/179873", "content": "https://ift.tt/VvDPF1O\nCVE-2022-3829 | Font Awesome 4 Menus Plugin up to 4.7.0 on WordPress Setting cross site scripting", "creation_timestamp": "2024-02-06T10:11:20.000000Z"}, {"uuid": "6881a03a-29d1-40a8-8fb6-320ba06645ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38298", "type": "seen", "source": "https://t.me/cibsecurity/49625", "content": "\u203c CVE-2022-38298 \u203c\n\nAppsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-13T02:24:47.000000Z"}, {"uuid": "1c12cab3-23c6-4f3b-890f-1fc2fa28b647", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38295", "type": "seen", "source": "https://t.me/cibsecurity/49604", "content": "\u203c CVE-2022-38295 \u203c\n\nCuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-13T00:24:43.000000Z"}, {"uuid": "738f3317-e976-43cf-a5f9-9104a6bb9b3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3829", "type": "seen", "source": "https://t.me/ctinow/172131", "content": "https://ift.tt/sLn9zJv\nCVE-2022-3829 Exploit", "creation_timestamp": "2024-01-23T17:16:49.000000Z"}, {"uuid": "a784dcc5-8739-4d70-8775-f50b8881dfd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38296", "type": "seen", "source": "https://t.me/cibsecurity/49618", "content": "\u203c CVE-2022-38296 \u203c\n\nCuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-13T00:25:01.000000Z"}, {"uuid": "c6e07807-26b6-4726-a535-28ee6f995636", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38299", "type": "seen", "source": "https://t.me/cibsecurity/49620", "content": "\u203c CVE-2022-38299 \u203c\n\nAn issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-13T02:24:39.000000Z"}, {"uuid": "93922fbb-edfc-4b4e-b760-ea53d0b8022d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38297", "type": "seen", "source": "https://t.me/cibsecurity/49619", "content": "\u203c CVE-2022-38297 \u203c\n\nUCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-13T02:24:39.000000Z"}]}