https://vulnerability.circl.lu/sightings/feed 2026-06-08T16:19:51.318383+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/7daa5f83-e48a-4ea6-991d-ea738a60b031/export 2026-06-08T16:19:51.687272+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "7daa5f83-e48a-4ea6-991d-ea738a60b031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42992", "type": "seen", "source": "https://t.me/cibsecurity/52152", "content": "\u203c CVE-2022-42992 \u203c\n\nMultiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-27T17:58:03.000000Z"} 2022-10-27T17:58:03+00:00 https://vulnerability.circl.lu/sighting/843cf151-8033-4400-83f5-60f1cde46e8a/export 2026-06-08T16:19:51.687189+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "843cf151-8033-4400-83f5-60f1cde46e8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42991", "type": "seen", "source": "https://t.me/cibsecurity/52155", "content": "\u203c CVE-2022-42991 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Account Full Name field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-27T18:28:24.000000Z"} 2022-10-27T18:28:24+00:00 https://vulnerability.circl.lu/sighting/3c3cd216-b7fb-4a3d-81a5-076bef9c180d/export 2026-06-08T16:19:51.687109+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "3c3cd216-b7fb-4a3d-81a5-076bef9c180d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42993", "type": "seen", "source": "https://t.me/cibsecurity/52158", "content": "\u203c CVE-2022-42993 \u203c\n\nPassword Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-27T18:28:26.000000Z"} 2022-10-27T18:28:26+00:00 https://vulnerability.circl.lu/sighting/adb473d0-97eb-4dae-aa9b-90131cea1931/export 2026-06-08T16:19:51.687023+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "adb473d0-97eb-4dae-aa9b-90131cea1931", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42990", "type": "seen", "source": "https://t.me/cibsecurity/52598", "content": "\u203c CVE-2022-42990 \u203c\n\nFood Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /foms/all-orders.php?status=Cancelled%20by%20Customer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-07T18:34:25.000000Z"} 2022-11-07T18:34:25+00:00 https://vulnerability.circl.lu/sighting/657c18f6-0c5e-41b2-8c33-411b38b2d163/export 2026-06-08T16:19:51.686907+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "657c18f6-0c5e-41b2-8c33-411b38b2d163", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4299", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10548", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4299\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Metricool WordPress plugin before 1.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2023-01-16T15:38:12.110Z\n\ud83d\udccf Modified: 2025-04-04T20:25:59.005Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/169c5611-ed10-4cc3-bd07-09b365adf303", "creation_timestamp": "2025-04-04T20:36:22.000000Z"} 2025-04-04T20:36:22+00:00 https://vulnerability.circl.lu/sighting/d55174a3-e28f-4b28-8886-91ba9194a433/export 2026-06-08T16:19:51.683877+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "d55174a3-e28f-4b28-8886-91ba9194a433", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42993", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16039", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42993\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page.\n\ud83d\udccf Published: 2022-10-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-12T19:54:37.450Z\n\ud83d\udd17 References:\n1. http://password.com\n2. http://oretnom23.com\n3. https://github.com/draco1725/POC/blob/main/Exploit/Password%20Storage%20Application/XSS", "creation_timestamp": "2025-05-12T20:29:39.000000Z"} 2025-05-12T20:29:39+00:00