{"vulnerability": "CVE-2025-2255", "sightings": [{"uuid": "e75b71c9-7daa-41e6-8dd2-1f674e567502", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22553", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lgdlb4sv5w22", "content": "", "creation_timestamp": "2025-01-22T14:28:24.487412Z"}, {"uuid": "cd013eee-e550-4f07-b7e3-c43242485636", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2255", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3llxgocedek23", "content": "", "creation_timestamp": "2025-04-04T03:05:29.568126Z"}, {"uuid": "f7f00128-2fe5-4e37-80b9-3ad262693438", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2255", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9078", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2255\n\ud83d\udd25 CVSS Score: 8.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)\n\ud83d\udd39 Description: An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site Scripting attacks (XSS). for AppSec.\n\ud83d\udccf Published: 2025-03-27T12:30:47.592Z\n\ud83d\udccf Modified: 2025-03-27T13:13:21.218Z\n\ud83d\udd17 References:\n1. https://gitlab.com/gitlab-org/gitlab/-/issues/524635\n2. https://hackerone.com/reports/2994150", "creation_timestamp": "2025-03-27T13:26:59.000000Z"}, {"uuid": "87254539-83fd-47a0-819c-aff7a66cf350", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22559", "type": "seen", "source": "https://t.me/cvedetector/14565", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22559 - \u201eCiscoTubePress.NET CSRF Vulnerability\u201c\", \n  \"Content\": \"CVE ID : CVE-2025-22559 \nPublished : Jan. 7, 2025, 4:15 p.m. | 41\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in Mario Mansour and Geoff Peters TubePress.NET allows Cross Site Request Forgery.This issue affects TubePress.NET: from n/a through 4.0.1. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T18:03:38.000000Z"}, {"uuid": "403af93e-712f-4161-89af-fa8c98641c1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22558", "type": "seen", "source": "https://t.me/cvedetector/14564", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22558 - Mcjh Button Stored Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-22558 \nPublished : Jan. 7, 2025, 4:15 p.m. | 41\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcus C. J. Hartmann mcjh button shortcode allows Stored XSS.This issue affects mcjh button shortcode: from n/a through 1.6.4. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T18:03:37.000000Z"}, {"uuid": "00b48c71-3c85-4771-b966-bcafc1ccbd15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22551", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf62gw5h5y2e", "content": "", "creation_timestamp": "2025-01-07T16:18:52.119165Z"}, {"uuid": "c02e51a3-968f-4c20-bcc3-1acad77a65ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22557", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf62hcy5fw2a", "content": "", "creation_timestamp": "2025-01-07T16:19:05.456744Z"}, {"uuid": "0e1f1640-fe14-419b-aad2-f74248fabb2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22558", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf62hfaesu2o", "content": "", "creation_timestamp": "2025-01-07T16:19:08.082656Z"}, {"uuid": "336e08c5-8531-4b39-bd3b-f0a728b567d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22559", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf62hhkznq25", "content": "", "creation_timestamp": "2025-01-07T16:19:10.371690Z"}, {"uuid": "584e2f3e-38f1-46ae-9e19-42abeb3e5cec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2255", "type": "seen", "source": "https://t.me/cvedetector/21277", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2255 - Gitlab AppSec Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2255 \nPublished : March 27, 2025, 1:15 p.m. | 14\u00a0minutes ago \nDescription : An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site Scripting attacks (XSS). for AppSec. \nSeverity: 8.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T14:58:24.000000Z"}, {"uuid": "4b960e02-1a36-487e-ab15-d70bd3541c53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22556", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf62hagg6g2a", "content": "", "creation_timestamp": "2025-01-07T16:19:02.863908Z"}, {"uuid": "67efb763-d998-4c25-979e-3589b5262e89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22552", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf62gyuqe32k", "content": "", "creation_timestamp": "2025-01-07T16:18:54.867123Z"}, {"uuid": "21582555-0ac5-4b20-9e9a-c9242dbc6174", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22550", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf62gtk2kp25", "content": "", "creation_timestamp": "2025-01-07T16:18:49.509832Z"}, {"uuid": "17a59a4a-a9e9-47bf-a861-835a7c7e2d9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22554", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf62h3fujx2l", "content": "", "creation_timestamp": "2025-01-07T16:18:57.724535Z"}, {"uuid": "a5c43462-ef89-45c9-9818-f4f7dc502558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22553", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgb24zddj72s", "content": "", "creation_timestamp": "2025-01-21T14:16:30.666844Z"}, {"uuid": "81c245ed-453c-4950-aedc-a037f1e05d0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22553", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113866820161591492", "content": "", "creation_timestamp": "2025-01-21T14:29:50.651652Z"}, {"uuid": "e887e44c-50b2-49b9-827e-6ca593f4da6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22553", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113866894463220926", "content": "", "creation_timestamp": "2025-01-21T14:48:51.187162Z"}, {"uuid": "592d98b9-1477-4e08-b88b-3ee3ff01ff05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22553", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2390", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22553\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Multiple Carousel allows SQL Injection. This issue affects Multiple Carousel: from n/a through 2.0.\n\ud83d\udccf Published: 2025-01-21T13:40:34.650Z\n\ud83d\udccf Modified: 2025-01-21T13:40:34.650Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/multicarousel/vulnerability/wordpress-multiple-carousel-plugin-2-0-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-21T14:01:36.000000Z"}, {"uuid": "a731c0bb-594f-43d6-8826-aa8d9a0973ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22553", "type": "seen", "source": "https://t.me/cvedetector/15970", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22553 - Apache Multiple Carousel SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-22553 \nPublished : Jan. 21, 2025, 2:15 p.m. | 42\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Multiple Carousel allows SQL Injection. This issue affects Multiple Carousel: from n/a through 2.0. \nSeverity: 9.3 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T16:08:08.000000Z"}, {"uuid": "3aeb4a45-b057-4736-b311-73402482c7fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22555", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf62h5tt6d2k", "content": "", "creation_timestamp": "2025-01-07T16:19:00.043222Z"}]}