{"vulnerability": "CVE-2022-4521", "sightings": [{"uuid": "4d9b2172-14d1-4062-9358-e89f08dd992e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45217", "type": "seen", "source": "https://t.me/cibsecurity/54122", "content": "\u203c CVE-2022-45217 \u203c\n\nA cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-07T16:22:56.000000Z"}, {"uuid": "57e29d9f-dfd4-445f-a6bd-d759d9dcb9ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45214", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13528", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45214\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php.\n\ud83d\udccf Published: 2022-11-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T19:47:54.377Z\n\ud83d\udd17 References:\n1. https://github.com/Rajeshwar40/CVE/blob/main/CVE-2022-45214.txt", "creation_timestamp": "2025-04-25T20:08:09.000000Z"}, {"uuid": "f5476d0e-1c2b-4892-ad9e-788cef2367bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45213", "type": "seen", "source": "https://t.me/cibsecurity/55713", "content": "\u203c CVE-2022-45213 \u203c\n\nperfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-01T12:15:30.000000Z"}, {"uuid": "c66102ef-fecc-485e-8680-193a6a0c2e30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4521", "type": "seen", "source": "https://t.me/cibsecurity/54653", "content": "\u203c CVE-2022-4521 \u203c\n\nA vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.7. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profile_menu leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.8.12 is able to address this issue. The name of the patch is 9f967abfde9317bee2cda469dbc09b57d539f2cc. It is recommended to upgrade the affected component. The identifier VDB-215901 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-16T00:23:52.000000Z"}, {"uuid": "8aacb1ef-f4d4-4f79-8aba-459d9bcccfb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45214", "type": "seen", "source": "https://t.me/cibsecurity/53606", "content": "\u203c CVE-2022-45214 \u203c\n\nA cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-29T02:19:58.000000Z"}, {"uuid": "710b4c3d-d519-44df-998e-86702d777b60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45218", "type": "seen", "source": "https://t.me/cibsecurity/53517", "content": "\u203c CVE-2022-45218 \u203c\n\nHuman Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-25T20:15:40.000000Z"}, {"uuid": "e749d823-e0e0-4605-9c3e-5396c329bc6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45210", "type": "seen", "source": "https://t.me/cibsecurity/53511", "content": "\u203c CVE-2022-45210 \u203c\n\nJeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-25T20:15:31.000000Z"}, {"uuid": "0ab4bb0d-cd34-403a-b2f4-53709b722aba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45215", "type": "seen", "source": "https://t.me/cibsecurity/53804", "content": "\u203c CVE-2022-45215 \u203c\n\nA cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-02T18:37:04.000000Z"}]}