{"vulnerability": "CVE-2022-4067", "sightings": [{"uuid": "87372fb4-3a00-4ea4-94f7-7f6cc95cedf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4067", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13729", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4067\n\ud83d\udd25 CVSS Score: 3.4 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.\n\ud83d\udccf Published: 2022-11-20T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-28T19:56:44.425Z\n\ud83d\udd17 References:\n1. https://huntr.dev/bounties/3ca7023e-d95c-423f-9e9a-222a67a8ee72\n2. https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c", "creation_timestamp": "2025-04-28T20:11:14.000000Z"}, {"uuid": "c80fa841-2916-4e83-8d24-5ab667ba6ba3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-40679", "type": "seen", "source": "https://t.me/cibsecurity/61902", "content": "\u203c CVE-2022-40679 \u203c\n\nAn improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all versions, 5.4 all versions, 5.5 all versions, 5.6 all versions and FortiDDoS-F 6.4.0, 6.3.0 through 6.3.3, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted 
arguments to existing commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-11T20:23:46.000000Z"}, {"uuid": "f797dfb5-3c2c-4d2a-89ba-833d17c7c237", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-40673", "type": "seen", "source": "https://t.me/cibsecurity/49768", "content": "\u203c CVE-2022-40673 \u203c\n\nKDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-14T14:26:34.000000Z"}, {"uuid": "db2a9548-9804-415b-9b83-e37a0b70d5d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-40674", "type": "seen", "source": "https://t.me/cibsecurity/49763", "content": "\u203c CVE-2022-40674 \u203c\n\nlibexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-14T14:26:28.000000Z"}, {"uuid": "d6d80420-5fc0-4925-b717-201f3c01f6fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-40674", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3m3fh7itadc2q", "content": "", "creation_timestamp": "2025-10-17T14:10:18.850513Z"}, {"uuid": "b9094ce3-fa94-40b9-8bd8-6e08da207f2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-40676", "type": "seen", "source": "https://t.me/cibsecurity/59591", "content": "\u203c CVE-2022-40676 \u203c\n\nA improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 
versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-07T20:23:28.000000Z"}, {"uuid": "96e03c2f-64bc-41bf-af09-bdc6f7dad240", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-40674", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-08", "content": "", "creation_timestamp": "2025-04-15T10:00:00.000000Z"}, {"uuid": "54cdbff4-2457-4dc9-ac5e-592aeefb1308", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-40674", "type": "seen", "source": "https://t.me/arpsyndicate/1885", "content": "#ExploitObserverAlert\n\nCVE-2022-40674\n\nDESCRIPTION: Exploit Observer has 28 entries related to CVE-2022-40674. libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.\n\nFIRST-EPSS: 0.004320000\nNVD-IS: 5.9\nNVD-ES: 2.2", "creation_timestamp": "2023-12-18T01:52:41.000000Z"}, {"uuid": "bf24b689-9427-41a9-8580-ed60c7791091", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-40674", "type": "seen", "source": "https://t.me/arpsyndicate/1715", "content": "#ExploitObserverAlert\n\nCVE-2022-40674\n\nDESCRIPTION: Exploit Observer has 28 entries related to CVE-2022-40674. 
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.\n\nFIRST-EPSS: 0.004320000\nNVD-IS: 5.9\nNVD-ES: 2.2", "creation_timestamp": "2023-12-11T07:37:19.000000Z"}, {"uuid": "336922d5-e880-4682-b2ae-c1051091a9f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4067", "type": "seen", "source": "https://t.me/cibsecurity/53207", "content": "\u203c CVE-2022-4067 \u203c\n\nCross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-20T07:30:53.000000Z"}]}