{"vulnerability": "CVE-2022-4147", "sightings": [{"uuid": "fb5738bc-d553-4364-b354-6f33d1b8ef93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-41472", "type": "seen", "source": "https://t.me/cibsecurity/51588", "content": "\u203c CVE-2022-41472 \u203c\n\n74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-17T18:13:14.000000Z"}, {"uuid": "29d9ddbe-5dc7-454e-bf75-c52aa3e54184", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-41471", "type": "seen", "source": "https://t.me/cibsecurity/51585", "content": "\u203c CVE-2022-41471 \u203c\n\n74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-17T18:13:10.000000Z"}, {"uuid": "6b53a2b3-7f1b-4703-9960-f48c6f8a1efa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-41479", "type": "seen", "source": "https://t.me/cibsecurity/51682", "content": "\u203c CVE-2022-41479 \u203c\n\nThe DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. 
This leads to an Insecure Direct Object References (IDOR) vulnerability which allows attackers to access the application source code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-18T18:14:26.000000Z"}, {"uuid": "631b83a6-2789-4333-9784-431ec8378242", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-41477", "type": "seen", "source": "https://t.me/cibsecurity/51499", "content": "\u203c CVE-2022-41477 \u203c\n\nA security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T22:29:23.000000Z"}, {"uuid": "3c081b70-acfb-4d4b-9c64-ff4097ece501", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-41474", "type": "seen", "source": "https://t.me/cibsecurity/51325", "content": "\u203c CVE-2022-41474 \u203c\n\nRPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-13T18:27:45.000000Z"}, {"uuid": "fe4e402b-0ee0-4d4c-ba20-a74856642438", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-41473", "type": "seen", "source": "https://t.me/cibsecurity/51324", "content": "\u203c CVE-2022-41473 \u203c\n\nRPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", 
"creation_timestamp": "2022-10-13T18:27:44.000000Z"}, {"uuid": "25aae8ea-a767-469c-acdb-f069b6e4caf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-41475", "type": "seen", "source": "https://t.me/cibsecurity/51323", "content": "\u203c CVE-2022-41475 \u203c\n\nRPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-13T18:27:43.000000Z"}, {"uuid": "b5a50575-b0ec-4957-8d2c-98d9c269866f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4147", "type": "seen", "source": "https://t.me/cibsecurity/54091", "content": "\u203c CVE-2022-4147 \u203c\n\nQuarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T22:40:59.000000Z"}]}