{"vulnerability": "CVE-2022-2844", "sightings": [{"uuid": "63a4d66c-cbe2-4c75-825b-e284530d0a80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28444", "type": "seen", "source": "https://t.me/cibsecurity/41281", "content": "\u203c CVE-2022-28444 \u203c\n\nUCMS v1.6 was discovered to contain an arbitrary file read vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-22T00:27:27.000000Z"}, {"uuid": "3fbd7d43-9621-4db2-849b-c72830e4b3ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2844", "type": "seen", "source": "https://t.me/cibsecurity/48233", "content": "\u203c CVE-2022-2844 \u203c\n\nA vulnerability classified as problematic has been found in MotoPress Timetable and Event Schedule up to 1.4.06. This affects an unknown part of the file /wp/?cpmvc_id=1&amp;cpmvc_do_action=mvparse&amp;f=datafeed&amp;calid=1&amp;month_index=1&amp;method=adddetails&amp;id=2 of the component Calendar Handler. The manipulation of the argument Subject/Location/Description leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-206487.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-16T22:39:17.000000Z"}, {"uuid": "f8005d53-5c4f-491f-aa96-52e420c4ee51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28449", "type": "seen", "source": "https://t.me/cibsecurity/41465", "content": "\u203c CVE-2022-28449 \u203c\n\nnopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At Apply for vendor account feature, an attacker can upload an arbitrary file to the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-27T00:37:31.000000Z"}, {"uuid": "410b27b9-b716-4fd7-bbdf-ca92bf1ed31a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28448", "type": "seen", "source": "https://t.me/cibsecurity/41464", "content": "\u203c CVE-2022-28448 \u203c\n\nnopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject javascript code to First name or Last name at Customer Info.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-27T00:37:30.000000Z"}, {"uuid": "e172ee45-405f-4017-8c6a-3f9ac0535bf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28445", "type": "seen", "source": "https://t.me/cibsecurity/41280", "content": "\u203c CVE-2022-28445 \u203c\n\nKiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-22T00:27:26.000000Z"}, {"uuid": "da065cc7-2e5b-492a-b425-dcc1d713f59d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28440", "type": "seen", "source": "https://t.me/cibsecurity/41289", "content": "\u203c CVE-2022-28440 \u203c\n\nAn arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-22T00:33:14.000000Z"}, {"uuid": "bc51b3c0-daeb-4a97-8cc8-b661c91dce64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28443", "type": "seen", "source": "https://t.me/cibsecurity/41272", "content": "\u203c CVE-2022-28443 \u203c\n\nUCMS v1.6 was discovered to contain an arbitrary file deletion vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-22T00:27:15.000000Z"}]}