{"vulnerability": "cve-2022-4833", "sightings": [{"uuid": "d5d90604-9430-4836-a2f8-a79d8f329eb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4833", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8787", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4833\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The YourChannel: Everything you want in a YouTube plugin WordPress plugin before 1.2.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.\n\ud83d\udccf Published: 2023-02-06T19:59:18.984Z\n\ud83d\udccf Modified: 2025-03-25T20:39:19.473Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/35ba38cf-4f23-4344-8de3-cf3004ebf84c", "creation_timestamp": "2025-03-25T21:25:39.000000Z"}, {"uuid": "e0d649e4-5bd9-47dc-8ca9-bcc7094edf61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48332", "type": "seen", "source": "https://t.me/cibsecurity/65523", "content": "\u203c CVE-2022-48332 \u203c\n\nWidevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys file_name_len integer overflow and resultant buffer overflow.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-26T20:55:07.000000Z"}, {"uuid": "055a5d02-021e-404f-8adf-712a136c9de6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48334", "type": "seen", "source": "https://t.me/cibsecurity/65525", "content": "\u203c CVE-2022-48334 \u203c\n\nWidevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys total_len+file_name_len integer overflow and resultant buffer overflow.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-26T20:58:05.000000Z"}, {"uuid": "21deaed1-ac53-43c7-9a7f-4f10a2535571", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48339", "type": "seen", "source": "https://t.me/cibsecurity/58549", "content": "\u203c CVE-2022-48339 \u203c\n\nAn issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-21T02:16:14.000000Z"}, {"uuid": "2f1fcc21-0eb5-40e8-b7fe-0bcf2c6358e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48338", "type": "seen", "source": "https://t.me/cibsecurity/58547", "content": "\u203c CVE-2022-48338 \u203c\n\nAn issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-21T02:16:12.000000Z"}, {"uuid": "4083da7b-8f7c-4032-b436-4862c5fcab89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48337", "type": "seen", "source": "https://t.me/cibsecurity/58546", "content": "\u203c CVE-2022-48337 \u203c\n\nGNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the \"etags -u *\" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-22T00:53:09.000000Z"}, {"uuid": "c8687cf9-fd38-4882-92b4-47d9ac540e62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48335", "type": "seen", "source": "https://t.me/cibsecurity/65522", "content": "\u203c CVE-2022-48335 \u203c\n\nWidevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagVerifyProvisioning integer overflow and resultant buffer overflow.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-26T20:55:06.000000Z"}, {"uuid": "dc00c048-9fcc-4192-8939-8ecd6ae291d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48336", "type": "seen", "source": "https://t.me/cibsecurity/65521", "content": "\u203c CVE-2022-48336 \u203c\n\nWidevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagParseAndStoreData integer overflow and resultant buffer overflow.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-26T20:55:05.000000Z"}, {"uuid": "b4a90b32-a154-4beb-af3a-01092509124a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48333", "type": "seen", "source": "https://t.me/cibsecurity/65520", "content": "\u203c CVE-2022-48333 \u203c\n\nWidevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys prefix_len+feature_name_len integer overflow and resultant buffer overflow.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-26T20:55:04.000000Z"}, {"uuid": "f9982bdb-3d32-4eeb-9389-6505b34755a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48331", "type": "seen", "source": "https://t.me/cibsecurity/65517", "content": "\u203c CVE-2022-48331 \u203c\n\nWidevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys feature_name_len integer overflow and resultant buffer overflow.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-26T20:52:03.000000Z"}]}