{"vulnerability": "cve-2022-2903", "sightings": [{"uuid": "803512ff-0b5a-4f5d-b550-ff73de9ea3d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29038", "type": "seen", "source": "https://t.me/cibsecurity/40692", "content": "\u203c CVE-2022-29038 \u203c\n\nJenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-13T00:17:18.000000Z"}, {"uuid": "19f451b8-f85b-4c16-9370-b59eb3d546e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29037", "type": "seen", "source": "https://t.me/cibsecurity/40701", "content": "\u203c CVE-2022-29037 \u203c\n\nJenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-13T00:17:29.000000Z"}, {"uuid": "4f9613f5-b846-4004-8028-c242afb094dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29032", "type": "seen", "source": "https://t.me/cibsecurity/43039", "content": "\u203c CVE-2022-29032 \u203c\n\nA vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-20T16:30:47.000000Z"}, {"uuid": "5eecf1fd-4f78-4d8c-b789-0e991083e470", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29035", "type": "seen", "source": "https://t.me/cibsecurity/40499", "content": "\u203c CVE-2022-29035 \u203c\n\nIn JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-11T22:16:18.000000Z"}, {"uuid": "565b77ba-61f9-411f-a1c5-946752153c96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2903", "type": "seen", "source": "https://t.me/cibsecurity/50474", "content": "\u203c CVE-2022-2903 \u203c\n\nThe Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-26T16:21:57.000000Z"}, {"uuid": "87e573b9-3cd6-4792-824a-a72470fc3eda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29033", "type": "seen", "source": "https://t.me/cibsecurity/43041", "content": "\u203c CVE-2022-29033 \u203c\n\nA vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-20T16:30:49.000000Z"}, {"uuid": "4452e55c-84e8-47fc-b67a-39257521fc49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29031", "type": "seen", "source": "https://t.me/cibsecurity/43030", "content": "\u203c CVE-2022-29031 \u203c\n\nA vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-20T16:30:37.000000Z"}, {"uuid": "e034d35f-7b96-4da4-940d-3ce71268312c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2903", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17184", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-2903\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.\n\ud83d\udccf Published: 2022-09-26T12:35:34.000Z\n\ud83d\udccf Modified: 2025-05-21T19:18:35.069Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/255b98ba-5da9-4424-a7e9-c438d8905864", "creation_timestamp": "2025-05-21T19:42:56.000000Z"}]}