{"vulnerability": "CVE-2022-4503", "sightings": [{"uuid": "5f318a5c-28a3-42c9-9456-1fe34f37f239", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45037", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13500", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45037\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.\n\ud83d\udccf Published: 2022-11-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T18:48:50.633Z\n\ud83d\udd17 References:\n1. https://shimo.im/docs/dPkpKPQEjXfvYoqO", "creation_timestamp": "2025-04-25T19:07:19.000000Z"}, {"uuid": "4fdd6f96-7c25-4ac9-bef6-60c92e131cab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45036", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13501", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45036\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field.\n\ud83d\udccf Published: 2022-11-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T18:47:11.033Z\n\ud83d\udd17 References:\n1. https://shimo.im/docs/2wAlXR1j6BsJlDAP", "creation_timestamp": "2025-04-25T19:07:23.000000Z"}, {"uuid": "48c7f81b-c1f8-4d50-9d19-454109dfb7d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45039", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13496", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45039\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file.\n\ud83d\udccf Published: 2022-11-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T19:01:03.143Z\n\ud83d\udd17 References:\n1. https://shimo.im/docs/XKq4MKmDYDC8B1kN", "creation_timestamp": "2025-04-25T19:07:15.000000Z"}, {"uuid": "732622ca-fe29-417e-836d-0955d2a950df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45038", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13498", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45038\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.\n\ud83d\udccf Published: 2022-11-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T18:57:39.308Z\n\ud83d\udd17 References:\n1. https://shimo.im/docs/Ee32MrJd80iEwyA2", "creation_timestamp": "2025-04-25T19:07:17.000000Z"}, {"uuid": "bdeacf10-347c-4096-bb80-f4cab002780c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45033", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12676", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45033\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field.\n\ud83d\udccf Published: 2022-12-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-21T14:39:48.527Z\n\ud83d\udd17 References:\n1. https://github.com/cyb3r-n3rd/cve-request/blob/main/cve-poc-payload", "creation_timestamp": "2025-04-21T15:02:58.000000Z"}, {"uuid": "690e507d-3808-4d51-becf-ab5f3b490d77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45030", "type": "seen", "source": "https://t.me/cibsecurity/62211", "content": "\u203c CVE-2022-45030 \u203c\n\nA SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may interact with secure-file-priv).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-15T07:26:29.000000Z"}, {"uuid": "0eaf2152-0b06-4094-a987-2ab78cc59974", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4503", "type": "seen", "source": "https://t.me/cibsecurity/54594", "content": "\u203c CVE-2022-4503 \u203c\n\nCross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-15T07:23:14.000000Z"}, {"uuid": "e72d3940-d2d8-4d5f-a205-54c8e2003672", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45033", "type": "seen", "source": "https://t.me/cibsecurity/54628", "content": "\u203c CVE-2022-45033 \u203c\n\nA cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-15T22:29:50.000000Z"}, {"uuid": "c04a5d06-5052-48e3-bfce-57a1ae9623f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45036", "type": "seen", "source": "https://t.me/cibsecurity/53505", "content": "\u203c CVE-2022-45036 \u203c\n\nA cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-25T18:20:28.000000Z"}, {"uuid": "83ba0450-857a-4498-a570-cf032e486e5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45037", "type": "seen", "source": "https://t.me/cibsecurity/53500", "content": "\u203c CVE-2022-45037 \u203c\n\nA cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-25T18:20:20.000000Z"}, {"uuid": "38b03c9f-478f-483a-b9c0-6c53b8658421", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45039", "type": "seen", "source": "https://t.me/cibsecurity/53499", "content": "\u203c CVE-2022-45039 \u203c\n\nAn arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-26T04:38:29.000000Z"}, {"uuid": "f24b48d7-1895-43ca-a1f9-d1a3c732eb9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45038", "type": "seen", "source": "https://t.me/cibsecurity/53504", "content": "\u203c CVE-2022-45038 \u203c\n\nA cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-25T18:20:24.000000Z"}]}