{"vulnerability": "CVE-2022-4740", "sightings": [{"uuid": "22c35327-2cc9-4fce-931e-088e93f93265", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4740", "type": "seen", "source": "https://t.me/cibsecurity/55319", "content": "\u203c CVE-2022-4740 \u203c\n\nA vulnerability, which was classified as problematic, has been found in kkFileView. Affected by this issue is the function setWatermarkAttribute of the file /picturesPreview. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216776.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-25T22:40:24.000000Z"}, {"uuid": "688c39db-4274-48af-adcf-80e8ad55ebbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-47409", "type": "seen", "source": "https://t.me/cibsecurity/54561", "content": "\u203c CVE-2022-47409 \u203c\n\nAn issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Attackers can unsubscribe everyone via a series of modified subscription UIDs in deleteAction operations.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-15T00:22:55.000000Z"}, {"uuid": "ec2048a3-6369-4694-949f-8969bfbaa992", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-47406", "type": "seen", "source": "https://t.me/cibsecurity/54567", "content": "\u203c CVE-2022-47406 \u203c\n\nAn issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-15T00:23:01.000000Z"}, {"uuid": "15a52b31-0fb7-45a3-9ec2-6146603e4d4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-47408", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12729", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-47408\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AC:L/AV:N/A:N/C:H/I:H/PR:N/S:U/UI:N)\n\ud83d\udd39 Description: An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people.\n\ud83d\udccf Published: 2022-12-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-21T18:57:29.737Z\n\ud83d\udd17 References:\n1. https://typo3.org/security/advisory/typo3-ext-sa-2022-017", "creation_timestamp": "2025-04-21T19:02:07.000000Z"}, {"uuid": "80dd915d-d026-44d0-8438-d14abb5b0998", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-47407", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12726", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-47407\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AC:L/AV:N/A:N/C:L/I:L/PR:N/S:U/UI:N)\n\ud83d\udd39 Description: An issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user's answers and modify those answers.\n\ud83d\udccf Published: 2022-12-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-21T18:59:40.712Z\n\ud83d\udd17 References:\n1. https://typo3.org/security/advisory/typo3-ext-sa-2022-018", "creation_timestamp": "2025-04-21T19:02:04.000000Z"}, {"uuid": "a591d195-0f3e-4db5-892a-93b4c5edf914", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-47409", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12730", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-47409\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AC:L/AV:N/A:N/C:H/I:H/PR:N/S:U/UI:N)\n\ud83d\udd39 Description: An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Attackers can unsubscribe everyone via a series of modified subscription UIDs in deleteAction operations.\n\ud83d\udccf Published: 2022-12-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-21T18:52:05.710Z\n\ud83d\udd17 References:\n1. https://typo3.org/security/advisory/typo3-ext-sa-2022-017", "creation_timestamp": "2025-04-21T19:02:11.000000Z"}, {"uuid": "f33d28d9-ea1f-496a-b4e2-b5c4c0abdc6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-47408", "type": "seen", "source": "https://t.me/cibsecurity/54566", "content": "\u203c CVE-2022-47408 \u203c\n\nAn issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-15T00:23:00.000000Z"}]}