{"vulnerability": "CVE-2022-4591", "sightings": [{"uuid": "622117a4-fdd9-4548-9f93-dd47595fa75b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45913", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11175", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45913\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via one of attributes in webmail URLs to execute arbitrary JavaScript code, leading to information disclosure.\n\ud83d\udccf Published: 2023-01-06T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-09T20:33:00.389Z\n\ud83d\udd17 References:\n1. https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\n2. https://wiki.zimbra.com/wiki/Security_Center", "creation_timestamp": "2025-04-09T20:48:46.000000Z"}, {"uuid": "55189eab-f95f-44d3-ab94-2c2c22b91f73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45911", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11178", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45911\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur on the Classic UI login page by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which means that even if the attacker executes arbitrary JavaScript, they will not get any sensitive information.\n\ud83d\udccf Published: 2023-01-06T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-09T20:31:37.345Z\n\ud83d\udd17 References:\n1. https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\n2. https://wiki.zimbra.com/wiki/Security_Center", "creation_timestamp": "2025-04-09T20:48:49.000000Z"}, {"uuid": "cb824a3d-770f-435d-892c-303597757a07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45910", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12995", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45910\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper neutralization of special elements used in an LDAP query ('LDAP Injection') vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries (DoS, additional queries, filter manipulation) during user lookup, if the username or the domain string are passed to the UserACLs servlet without validation.\n\nThis issue affects Apache ManifoldCF version 2.23 and prior versions.\n\ud83d\udccf Published: 2022-12-07T09:50:52.700Z\n\ud83d\udccf Modified: 2025-04-22T21:02:38.711Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/m693p0dq6jvwwvmy2wnhj6k854z0s444", "creation_timestamp": "2025-04-22T22:04:03.000000Z"}, {"uuid": "3d176f98-ec5a-4a04-969c-2792f3f22854", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45913", "type": "seen", "source": "https://t.me/cibsecurity/56087", "content": "\u203c CVE-2022-45913 \u203c\n\nAn issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via one of attributes in webmail URLs to execute arbitrary JavaScript code, leading to information disclosure.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-07T02:25:18.000000Z"}, {"uuid": "14084081-8681-4145-b582-bec6e5c9b529", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45914", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13815", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45914\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing.\n\ud83d\udccf Published: 2022-11-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-29T13:55:26.106Z\n\ud83d\udd17 References:\n1. https://www.youtube.com/watch?v=FQRMNjZVlHg\n2. http://seclists.org/fulldisclosure/2022/Dec/6\n3. http://packetstormsecurity.com/files/170177/Zhuhai-Suny-Technology-ESL-Tag-Forgery-Replay-Attacks.html", "creation_timestamp": "2025-04-29T14:11:43.000000Z"}, {"uuid": "72160e73-4895-47ec-a8a6-bce2183d020d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45911", "type": "seen", "source": "https://t.me/cibsecurity/56086", "content": "\u203c CVE-2022-45911 \u203c\n\nAn issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur on the Classic UI login page by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which means that even if the attacker executes arbitrary JavaScript, they will not get any sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-07T02:25:17.000000Z"}, {"uuid": "5f341021-8fde-4efa-a145-af9dac499d8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45910", "type": "seen", "source": "https://t.me/cibsecurity/54115", "content": "\u203c CVE-2022-45910 \u203c\n\nImproper neutralization of special elements used in an LDAP query ('LDAP Injection') vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries (DoS, additional queries, filter manipulation) during user lookup, if the username or the domain string are passed to the UserACLs servlet without validation. This issue affects Apache ManifoldCF version 2.23 and prior versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-07T12:22:21.000000Z"}, {"uuid": "41489241-5f87-4e68-b261-c0c5ef0f6af5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45912", "type": "seen", "source": "https://t.me/cibsecurity/54040", "content": "\u203c CVE-2022-45912 \u203c\n\nAn issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T00:40:33.000000Z"}, {"uuid": "40ca87a9-6156-476c-9960-914d48e29199", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4591", "type": "seen", "source": "https://t.me/cibsecurity/54807", "content": "\u203c CVE-2022-4591 \u203c\n\nA vulnerability was found in mschaef toto up to 1.4.20. It has been declared as problematic. This vulnerability affects unknown code of the component Email Parameter Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.4.21 is able to address this issue. The name of the patch is 1f27f37c1a06f54a76971f70eaa6139dc139bdf9. It is recommended to upgrade the affected component. VDB-216178 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-17T22:30:29.000000Z"}]}