{"vulnerability": "CVE-2022-3393", "sightings": [{"uuid": "371cb394-9326-46af-a55a-6e5e4e24c353", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33935", "type": "seen", "source": "https://t.me/cibsecurity/49070", "content": "\u203c CVE-2022-33935 \u203c\n\nDell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-31T00:36:01.000000Z"}, {"uuid": "05814034-d9e0-4401-90ba-17047a13cfc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3393", "type": "seen", "source": "https://t.me/cibsecurity/52021", "content": "\u203c CVE-2022-3393 \u203c\n\nThe Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-25T20:26:49.000000Z"}, {"uuid": "ca53a2dc-c8e8-4c7e-ac37-88ca1c772c33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33930", "type": "seen", "source": "https://t.me/cibsecurity/47867", "content": "\u203c CVE-2022-33930 \u203c\n\nDell Wyse Management Suite 3.6.1 and below contains Information Disclosure in Devices error pages. An attacker could potentially exploit this vulnerability, leading to the disclosure of certain sensitive information. The attacker may be able to use the exposed information to access and further vulnerability research.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-10T20:26:06.000000Z"}, {"uuid": "a524e543-f6c3-45fe-95f5-b910d228823f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33931", "type": "seen", "source": "https://t.me/cibsecurity/47871", "content": "\u203c CVE-2022-33931 \u203c\n\nDell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An attacker with no access to Alert Classification page could potentially exploit this vulnerability, leading to the change the alert categories.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-10T20:26:12.000000Z"}, {"uuid": "1c968a74-1a46-488d-afa2-b3ea3e99d508", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33932", "type": "seen", "source": "https://t.me/cibsecurity/48530", "content": "\u203c CVE-2022-33932 \u203c\n\nDell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. An unauthenticated network malicious attacker may potentially exploit this vulnerability, leading to a denial of filesystem services.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-22T20:20:55.000000Z"}]}