{"vulnerability": "CVE-2022-2710", "sightings": [{"uuid": "710eda95-4e8e-4191-bc50-fbfd977310b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2710", "type": "seen", "source": "https://t.me/cibsecurity/50032", "content": "\u203c CVE-2022-2710 \u203c\n\nThe Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-19T18:37:58.000000Z"}, {"uuid": "a0047327-85ad-48a2-bb46-9601bc64ca66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27105", "type": "seen", "source": "https://t.me/cibsecurity/47023", "content": "\u203c CVE-2022-27105 \u203c\n\nInMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). 
InMailX Connection names are not sanitized in the Outlook tab, which allows a local user or network administrator to execute HTML / Javascript in the Outlook of users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T02:35:31.000000Z"}, {"uuid": "ec71f443-8ba0-48c1-b80f-e65642205a74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27109", "type": "seen", "source": "https://t.me/cibsecurity/40236", "content": "\u203c CVE-2022-27109 \u203c\n\nOrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-06T18:31:22.000000Z"}, {"uuid": "0e2908db-2312-405d-9a92-d8a233fadb3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27103", "type": "seen", "source": "https://t.me/cibsecurity/41376", "content": "\u203c CVE-2022-27103 \u203c\n\nelement-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-25T16:36:09.000000Z"}, {"uuid": "00f4ecfc-cc6f-4681-86a6-4d4aff13afab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27104", "type": "seen", "source": "https://t.me/cibsecurity/41105", "content": "\u203c CVE-2022-27104 \u203c\n\nAn Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-19T20:24:34.000000Z"}, {"uuid": "c6f0fb5e-10c3-47a7-b680-3d292553f03f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27107", "type": "seen", "source": "https://t.me/cibsecurity/40238", "content": "\u203c CVE-2022-27107 \u203c\n\nOrangeHRM 4.10 is vulnerable to Stored XSS in the \"Share Video\" section under \"OrangeBuzz\" via the GET/POST \"createVideo[linkAddress]\" parameter\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-06T18:31:24.000000Z"}, {"uuid": "a2bce2ea-1672-427f-840e-62ab07ad3288", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27108", "type": "seen", "source": "https://t.me/cibsecurity/40234", "content": "\u203c CVE-2022-27108 \u203c\n\nOrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point symfony/web/index.php/time/createTimesheet`. Any user can create a timesheet in another user's account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-06T18:31:20.000000Z"}]}