{"vulnerability": "cve-2022-2873", "sightings": [{"uuid": "6e2afe9b-c103-48a1-b9b6-51ac996e1506", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28739", "type": "seen", "source": "https://bsky.app/profile/gcpweekly.bsky.social/post/3lzzeuxkcgj2c", "content": "", "creation_timestamp": "2025-09-30T01:31:31.621814Z"}, {"uuid": "bf88e449-6fd2-47a7-bbed-02b9c515747c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28738", "type": "seen", "source": "https://t.me/ctinow/52874", "content": "Internet Bug Bounty: CVE-2022-28738: Double free in Regexp compilation\n\nhttps://ift.tt/wLqCV9G", "creation_timestamp": "2022-05-30T17:01:48.000000Z"}, {"uuid": "ad578722-d645-4ad7-8686-b03fc1dd1036", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28731", "type": "seen", "source": "https://t.me/arpsyndicate/3182", "content": "#ExploitObserverAlert\n\nCVE-2022-28731\n\nDESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2022-28731. 
A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.\n\nFIRST-EPSS: 0.000630000\nNVD-IS: 3.6\nNVD-ES: 2.8", "creation_timestamp": "2024-01-28T03:24:43.000000Z"}, {"uuid": "8c7c437d-499b-4fe7-abae-7f35eb684315", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28732", "type": "seen", "source": "https://t.me/arpsyndicate/3155", "content": "#ExploitObserverAlert\n\nCVE-2022-28732\n\nDESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2022-28732. A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.\n\nFIRST-EPSS: 0.003650000\nNVD-IS: 2.7\nNVD-ES: 2.8", "creation_timestamp": "2024-01-28T01:52:15.000000Z"}, {"uuid": "86a54a58-062c-4055-92f9-d7bad6785a36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28730", "type": "seen", "source": "https://t.me/arpsyndicate/689", "content": "#ExploitObserverAlert\n\nCVE-2022-28730\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-28730. A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce plugin dangerously renders user-supplied URLs. 
Upon re-testing CVE-2021-40369, it appears that the patch was incomplete as it was still possible to insert malicious input via the Denounce plugin. Apache JSPWiki users should upgrade to 2.11.3 or later.\n\nFIRST-EPSS: 0.002570000\nNVD-IS: 2.7\nNVD-ES: 2.8", "creation_timestamp": "2023-11-29T07:07:55.000000Z"}, {"uuid": "2ca2f748-43c5-4062-9db9-96ed6e43dc46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2873", "type": "seen", "source": "https://t.me/cibsecurity/48512", "content": "\u203c CVE-2022-2873 \u203c\n\nAn out-of-bounds memory access flaw was found in the Linux kernel Intel\u2019s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-22T18:26:57.000000Z"}, {"uuid": "d850774d-2514-4e69-852a-676563f05730", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28730", "type": "seen", "source": "https://t.me/cibsecurity/47538", "content": "\u203c CVE-2022-28730 \u203c\n\nA carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce plugin dangerously renders user-supplied URLs. Upon re-testing CVE-2021-40369, it appears that the patch was incomplete as it was still possible to insert malicious input via the Denounce plugin. 
Apache JSPWiki users should upgrade to 2.11.3 or later.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-04T12:19:26.000000Z"}, {"uuid": "a37e20c8-6051-4638-ba73-6a7b56977734", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28732", "type": "seen", "source": "https://t.me/cibsecurity/47545", "content": "\u203c CVE-2022-28732 \u203c\n\nA carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-04T12:19:36.000000Z"}, {"uuid": "6acbc951-2bb6-4e5b-aa3d-f9b5394e8e0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28731", "type": "seen", "source": "https://t.me/cibsecurity/47535", "content": "\u203c CVE-2022-28731 \u203c\n\nA carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-04T12:19:23.000000Z"}, {"uuid": "0ed7a2f0-a147-483d-b5c2-eb9cf2b2cc0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28739", "type": "seen", "source": "https://t.me/cibsecurity/42213", "content": "\u203c CVE-2022-28739 \u203c\n\nThere is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 
3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-09T22:33:17.000000Z"}, {"uuid": "c7c46156-07e2-444c-a6b5-75a881fdadd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28738", "type": "seen", "source": "https://t.me/cibsecurity/42209", "content": "\u203c CVE-2022-28738 \u203c\n\nA double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-09T22:33:13.000000Z"}]}