{"vulnerability": "CVE-2022-3135", "sightings": [{"uuid": "31cd02a0-0d8c-4ed0-ad6e-fc472276c975", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31358", "type": "seen", "source": "https://t.me/cibsecurity/54515", "content": "\u203c CVE-2022-31358 \u203c\n\nA reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-14T18:22:40.000000Z"}, {"uuid": "ed8fc072-afb0-4d43-bad0-219c3b1a4ae4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3135", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17187", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3135\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)\n\ud83d\udccf Published: 2022-09-26T12:35:45.000Z\n\ud83d\udccf Modified: 2025-05-21T19:14:41.697Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/3505481d-141a-4516-bdbb-d4dad4e1eb01", "creation_timestamp": "2025-05-21T19:42:59.000000Z"}, {"uuid": "eb00541a-6b48-4cdb-9c2b-0ccc9764a1e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3135", "type": "seen", "source": "https://t.me/cibsecurity/50470", "content": "\u203c CVE-2022-3135 \u203c\n\nThe SEO Smart Links WordPress plugin through 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-26T16:21:50.000000Z"}, {"uuid": "81032214-27dd-4523-9c7e-e9bb85751e7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31357", "type": "seen", "source": "https://t.me/cibsecurity/44742", "content": "\u203c CVE-2022-31357 \u203c\n\nOnline Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=edit&amp;id=.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-17T18:23:24.000000Z"}, {"uuid": "3139e548-573a-44e8-9c98-0e610a6b49e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31356", "type": "seen", "source": "https://t.me/cibsecurity/44740", "content": "\u203c CVE-2022-31356 \u203c\n\nOnline Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/store/index.php?view=edit&amp;id=.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-17T18:23:21.000000Z"}, {"uuid": "fbf59744-87a9-45ad-92eb-bcdbda5b1372", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31355", "type": "seen", "source": "https://t.me/cibsecurity/44738", "content": "\u203c CVE-2022-31355 \u203c\n\nOnline Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/index.php?q=category&amp;search=.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-17T18:23:19.000000Z"}, {"uuid": "b91e8b19-e1b8-415f-9646-11f8cd410293", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31354", "type": "seen", "source": "https://t.me/cibsecurity/43719", "content": "\u203c CVE-2022-31354 \u203c\n\nOnline Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-02T18:38:58.000000Z"}, {"uuid": "c8ffbae3-4aa4-4ad3-a278-1c98ba18b4b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31350", "type": "seen", "source": "https://t.me/cibsecurity/43682", "content": "\u203c CVE-2022-31350 \u203c\n\nOnline Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-02T18:35:36.000000Z"}]}