{"vulnerability": "cve-2022-3730", "sightings": [{"uuid": "c92de69d-d984-406f-aed4-cd8f2e5c07f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37308", "type": "seen", "source": "https://t.me/cibsecurity/55341", "content": "\u203c CVE-2022-37308 \u203c\n\nOX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-26T07:40:46.000000Z"}, {"uuid": "1b5af09c-129b-4ae0-a617-1b1e71b75904", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37309", "type": "seen", "source": "https://t.me/cibsecurity/55334", "content": "\u203c CVE-2022-37309 \u203c\n\nOX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-26T07:40:39.000000Z"}, {"uuid": "efefb69c-ab4d-4509-8e15-b2c0e4ee6a50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37307", "type": "seen", "source": "https://t.me/cibsecurity/55335", "content": "\u203c CVE-2022-37307 \u203c\n\nOX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-26T07:40:40.000000Z"}, {"uuid": "e6ce4ab4-15b2-4b8b-a93e-04c900757b4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37300", "type": "seen", "source": "https://t.me/cibsecurity/49592", "content": "\u203c CVE-2022-37300 \u203c\n\nA CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-12T22:24:01.000000Z"}, {"uuid": "687a907f-a146-4d8f-9ff3-361827edf4a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37305", "type": "seen", "source": "https://t.me/cibsecurity/48632", "content": "\u203c CVE-2022-37305 \u203c\n\nThe Remote Keyless Entry (RKE) receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-24T12:22:27.000000Z"}, {"uuid": "15138fc2-2927-48c8-b6d5-7a2484d15c39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37309", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11623", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-37309\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.\n\ud83d\udccf Published: 2022-12-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T14:42:07.163Z\n\ud83d\udd17 References:\n1. https://open-xchange.com\n2. https://seclists.org/fulldisclosure/2022/Nov/18", "creation_timestamp": "2025-04-14T14:53:50.000000Z"}, {"uuid": "3d37854c-7e7b-4f32-8f32-29e0f9b1bca8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37307", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11619", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-37307\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.\n\ud83d\udccf Published: 2022-12-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T14:44:24.195Z\n\ud83d\udd17 References:\n1. https://open-xchange.com\n2. https://seclists.org/fulldisclosure/2022/Nov/18", "creation_timestamp": "2025-04-14T14:53:43.000000Z"}, {"uuid": "3bd15f11-89d8-4761-b59d-a4f25a80b844", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37306", "type": "seen", "source": "https://t.me/cibsecurity/62251", "content": "\u203c CVE-2022-37306 \u203c\n\nOX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-16T07:27:20.000000Z"}, {"uuid": "b14795ab-b9bc-4bdd-8f89-95c263df5fad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37301", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13689", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-37301\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior)\n\ud83d\udccf Published: 2022-11-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-28T14:32:19.547Z\n\ud83d\udd17 References:\n1. https://www.se.com/us/en/download/document/SEVD-2022-221-02/", "creation_timestamp": "2025-04-28T15:10:55.000000Z"}, {"uuid": "2cf41134-cd69-4d21-a2f5-cc192bccd19f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37308", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11621", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-37308\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages.\n\ud83d\udccf Published: 2022-12-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T14:43:15.189Z\n\ud83d\udd17 References:\n1. https://open-xchange.com\n2. https://seclists.org/fulldisclosure/2022/Nov/18", "creation_timestamp": "2025-04-14T14:53:48.000000Z"}]}