{"vulnerability": "cve-2022-4834", "sightings": [{"uuid": "fd0d82a4-c1a8-4cf7-98b8-244acbf9a0fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4834", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9209", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4834\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The CPT Bootstrap Carousel WordPress plugin through 1.12 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.\n\ud83d\udccf Published: 2023-01-30T20:31:39.463Z\n\ud83d\udccf Modified: 2025-03-27T20:04:46.019Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/6183318f-0230-47a1-87f2-3c5aaef678a5", "creation_timestamp": "2025-03-27T20:27:28.000000Z"}, {"uuid": "2e88cdd3-1502-41de-b5c9-48ad06d74c5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48346", "type": "seen", "source": "https://t.me/cibsecurity/60867", "content": "\u203c CVE-2022-48346 \u203c\n\nThe HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect confidentiality.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-28T02:32:21.000000Z"}, {"uuid": "f3ee3ff8-4ceb-4c35-b5b9-05b4fe5c416c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48347", "type": "seen", "source": "https://t.me/cibsecurity/60858", "content": "\u203c CVE-2022-48347 \u203c\n\nThe MediaProvider module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect confidentiality.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-28T02:26:32.000000Z"}, {"uuid": "b0f839bb-e6e7-491d-847b-65b070f8b0e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48345", "type": "seen", "source": "https://t.me/cibsecurity/58856", "content": "\u203c CVE-2022-48345 \u203c\n\nsanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-24T12:49:17.000000Z"}, {"uuid": "4174b958-aa19-4fd5-9f05-157624174f30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48340", "type": "seen", "source": "https://t.me/cibsecurity/58558", "content": "\u203c CVE-2022-48340 \u203c\n\nIn Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-21T07:29:40.000000Z"}, {"uuid": "78ee0cdb-4f78-4129-928b-30a2730e00b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48344", "type": "seen", "source": "https://t.me/cibsecurity/58782", "content": "\u203c CVE-2022-48344 \u203c\n\nIn JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-23T18:18:25.000000Z"}, {"uuid": "4895755f-39e8-4eaf-abe5-77d1777ca369", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48343", "type": "seen", "source": "https://t.me/cibsecurity/58779", "content": "\u203c CVE-2022-48343 \u203c\n\nIn JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-23T18:18:19.000000Z"}, {"uuid": "6a27951e-8d00-4977-8c3b-584c5d99e65f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48342", "type": "seen", "source": "https://t.me/cibsecurity/58784", "content": "\u203c CVE-2022-48342 \u203c\n\nIn JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-23T18:18:27.000000Z"}, {"uuid": "b7407b82-c6ec-4b9f-8e18-725244df1460", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48341", "type": "seen", "source": "https://t.me/cibsecurity/58773", "content": "\u203c CVE-2022-48341 \u203c\n\nThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-23T12:18:14.000000Z"}, {"uuid": "f720f0c9-412e-4f9b-a5e3-ccba07e4c377", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48348", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5204", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-48348\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The MediaProvider module has a vulnerability of unauthorized data read. Successful exploitation of this vulnerability may affect confidentiality and integrity.\n\ud83d\udccf Published: 2023-03-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-24T19:10:14.845Z\n\ud83d\udd17 References:\n1. https://device.harmonyos.com/en/docs/security/update/security-bulletins-202303-0000001529824505\n2. https://consumer.huawei.com/en/support/bulletin/2023/3/", "creation_timestamp": "2025-02-24T19:22:18.000000Z"}, {"uuid": "18aa8c40-cd64-4586-a5ef-773e1305a912", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48349", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5205", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-48349\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability.\n\ud83d\udccf Published: 2023-03-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-24T19:08:56.212Z\n\ud83d\udd17 References:\n1. https://device.harmonyos.com/en/docs/security/update/security-bulletins-202303-0000001529824505\n2. https://consumer.huawei.com/en/support/bulletin/2023/3/", "creation_timestamp": "2025-02-24T19:22:19.000000Z"}, {"uuid": "99739ae2-3542-49d7-b4a4-3b35c1ff5d19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48345", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7319", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-48345\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.\n\ud83d\udccf Published: 2023-02-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-12T15:36:20.862Z\n\ud83d\udd17 References:\n1. https://github.com/braintree/sanitize-url/commit/d4bdc89f1743fe3cdb7c3f24b06e4c875f349b0c\n2. https://github.com/braintree/sanitize-url/compare/v6.0.1...v6.0.2", "creation_timestamp": "2025-03-12T15:40:48.000000Z"}, {"uuid": "730e6d18-41c7-4c66-a19f-231b75809020", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48346", "type": "seen", "source": "Telegram/ZW-wbV_maKhx2pQYq5SsRyiSTDiAzSVoYu7TE5ZhSVPTwPE2", "content": "", "creation_timestamp": "2025-02-19T22:21:30.000000Z"}]}