{"vulnerability": "CVE-2022-4220", "sightings": [{"uuid": "dae31a95-8665-43f7-995f-65db3b8c1402", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42201", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15525", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42201\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload.\n\ud83d\udccf Published: 2022-10-20T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-08T14:04:12.586Z\n\ud83d\udd17 References:\n1. https://www.sourcecodester.com/php/15160/simple-exam-reviewer-management-system-phpoop-free-source-code.html\n2. https://github.com/ciph0x01/Simple-Exam-Reviewer-Management-System-CVE/blob/main/CVE-2022-42201.md", "creation_timestamp": "2025-05-08T14:23:23.000000Z"}, {"uuid": "4bac0755-992c-4720-94db-b9457a8f51a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4220", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2830", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4220\n\ud83d\udd39 Description: The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_questions() function. This makes it possible for unauthenticated attackers to delete questions from quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2022-12-02T20:11:13.243Z\n\ud83d\udccf Modified: 2025-01-23T20:45:59.188Z\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/browser/chained-quiz/trunk/controllers/questions.php#L73\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2826623%40chained-quiz&new=2826623%40chained-quiz&sfp_email=&sfph_mail=\n3. https://gist.github.com/Xib3rR4dAr/417a11bcb9b8da28cfe5ba1c17c44d0e\n4. https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4220", "creation_timestamp": "2025-01-23T21:03:37.000000Z"}, {"uuid": "6da7baa9-661d-43cc-8a03-99873a8286cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42205", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15543", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42205\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php.\n\ud83d\udccf Published: 2022-10-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-08T14:56:15.929Z\n\ud83d\udd17 References:\n1. https://sisl.lab.uic.edu/projects/chess/cross-site-scripting-in-hms2/", "creation_timestamp": "2025-05-08T15:24:39.000000Z"}, {"uuid": "2b491127-540a-41ba-ad29-d1472df60806", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42206", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15521", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42206\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php.\n\ud83d\udccf Published: 2022-10-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-08T14:11:32.502Z\n\ud83d\udd17 References:\n1. https://sisl.lab.uic.edu/projects/chess/cross-site-scripting-in-hms3/", "creation_timestamp": "2025-05-08T14:23:19.000000Z"}, {"uuid": "a3839bf3-ef16-4226-ab43-aa82bc917ecc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42202", "type": "seen", "source": "https://t.me/cibsecurity/51665", "content": "\u203c CVE-2022-42202 \u203c\n\nTP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-18T16:14:01.000000Z"}, {"uuid": "7a527229-7982-4455-af8a-dca480d11e11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42200", "type": "seen", "source": "https://t.me/cibsecurity/51873", "content": "\u203c CVE-2022-42200 \u203c\n\nSimple Exam Reviewer Management System v1.0 is vulnerable to Stored Cross Site Scripting (XSS) via the Exam List.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-20T16:21:18.000000Z"}, {"uuid": "26212eae-3550-4a3e-a2ba-d83627cb987b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42201", "type": "seen", "source": "https://t.me/cibsecurity/51872", "content": "\u203c CVE-2022-42201 \u203c\n\nSimple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-20T16:21:17.000000Z"}]}