{"vulnerability": "cve-2022-3062", "sightings": [{"uuid": "a82b24af-5d59-49df-ae9b-329c38504aff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3062", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17303", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3062\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting\n\ud83d\udccf Published: 2022-09-26T12:35:39.000Z\n\ud83d\udccf Modified: 2025-05-22T14:13:49.522Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/2e829bbe-1843-496d-a852-4150fa6d1f7a", "creation_timestamp": "2025-05-22T14:44:59.000000Z"}, {"uuid": "0d426f26-f964-4bcc-ba0e-de802243c828", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30625", "type": "seen", "source": "https://t.me/shadowdefendersgroup/367", "content": "\ud83d\udd34\u062a\u0648\u0635\u0644\u0646\u0627 \u0644\u062b\u063a\u0631\u0629 \u0628\u0645\u0648\u0642\u0639 \u062c\u0627\u0645\u0639\u0629 \u062a\u0644 \u0623\u0628\u064a\u0628... \u0628\u062d\u064a\u062b \u062a\u0645\u0643\u0646\u0646\u0627 \u0645\u0646 \u0627\u0644\u0648\u0635\u0648\u0644 \u0644\u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0645\u0648\u0642\u0639 ... \n\n\ud83d\udfe1\u064a\u0645\u0643\u0646\u0646\u0627 \u0627\u0646 \u0646\u0631\u0649 \u0627\u0633\u0645 \u0627\u0644\u0645\u0637\u0648\u0631 : Nir Zaidman\n\n\ud83d\udd34We penetrated the Tel Aviv University website, so that we were able to access the website files and important other docs...\n\n\ud83d\udfe1The name of the apk dev is : Nir Zaidman\n\nEnjoy : https://courses.cs.tau.ac.il/0368-4166/projects/\n\nVulnerability ID CVE-2022-30625\n\n#MoroccanCyberForces\n#OpIsrael", "creation_timestamp": "2024-09-06T16:29:28.000000Z"}, {"uuid": "6f02a8df-20c9-434f-9f93-8f5fd3f82078", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3062", "type": "seen", "source": "https://t.me/cibsecurity/50480", "content": "\u203c CVE-2022-3062 \u203c\n\nThe Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-26T16:22:03.000000Z"}, {"uuid": "f6f4adf2-f34a-4243-9036-7e8ab1c0ef4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30625", "type": "published-proof-of-concept", "source": "https://t.me/MoroccanCyberForces/863", "content": "\ud83d\udd34\u062a\u0648\u0635\u0644\u0646\u0627 \u0644\u062b\u063a\u0631\u0629 \u0628\u0645\u0648\u0642\u0639 \u062c\u0627\u0645\u0639\u0629 \u062a\u0644 \u0623\u0628\u064a\u0628... \u0628\u062d\u064a\u062b \u062a\u0645\u0643\u0646\u0646\u0627 \u0645\u0646 \u0627\u0644\u0648\u0635\u0648\u0644 \u0644\u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0645\u0648\u0642\u0639 ... \n\n\ud83d\udfe1\u064a\u0645\u0643\u0646\u0646\u0627 \u0627\u0646 \u0646\u0631\u0649 \u0627\u0633\u0645 \u0627\u0644\u0645\u0637\u0648\u0631 : Nir Zaidman\n\n\ud83d\udd34We penetrated the Tel Aviv University website, so that we were able to access the website files and important other docs...\n\n\ud83d\udfe1The name of the apk dev is : Nir Zaidman\n\nEnjoy : https://courses.cs.tau.ac.il/0368-4166/projects/\n\nVulnerability ID CVE-2022-30625\n\n#MoroccanCyberForces\n#OpIsrael", "creation_timestamp": "2024-09-06T13:20:24.000000Z"}, {"uuid": "845a5a1a-2433-42fb-9769-3ee7e7d5dcdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30628", "type": "seen", "source": "https://t.me/cibsecurity/46762", "content": "\u203c CVE-2022-30628 \u203c\n\nIt was possible to download all receipts without authentication. Must first access the API https://XXXX.supersmart.me/services/v4/customer/signin to get a TOKEN. Then you can then access the API that provides invoice images based on the URL https://XXXX.supersmart.me/services/v4/invoiceImg?orderId=XXXXX\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-21T20:18:23.000000Z"}, {"uuid": "b5ff77f7-9ec5-4c9f-82ad-4178f995fa2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30624", "type": "seen", "source": "https://t.me/cibsecurity/46439", "content": "\u203c CVE-2022-30624 \u203c\n\nBrowsing the admin.html page allows the user to reset the admin password. Also appears in the JS code for the password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T16:36:23.000000Z"}, {"uuid": "890d6e93-7cc8-43e9-8e48-2f1f2123d775", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30621", "type": "seen", "source": "https://t.me/cibsecurity/46435", "content": "\u203c CVE-2022-30621 \u203c\n\nAllows a remote user to read files on the camera's OS \"GetFileContent.cgi\". Reading arbitrary files on the camera's OS as root user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T16:36:19.000000Z"}, {"uuid": "7f00cd50-988c-4375-9f81-5e81550c754d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30625", "type": "seen", "source": "https://t.me/cibsecurity/46433", "content": "\u203c CVE-2022-30625 \u203c\n\nDirectory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T16:36:15.000000Z"}, {"uuid": "1abe605a-b9a0-4646-80c0-5d2a621f7487", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30626", "type": "seen", "source": "https://t.me/cibsecurity/46444", "content": "\u203c CVE-2022-30626 \u203c\n\nBrowsing the path: http://ip/wifi_ap_pata_get.cmd, will show in the name of the existing access point on the component, and a password in clear text.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T16:36:28.000000Z"}, {"uuid": "d8e483e6-722d-49e7-99c1-3c221e269ca2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30627", "type": "seen", "source": "https://t.me/cibsecurity/46441", "content": "\u203c CVE-2022-30627 \u203c\n\nThis vulnerability affects all of the company's products that also include the FW versions: update_i90_cv2.021_b20210104, update_i50_v1.0.55_b20200509, update_x6_v2.1.2_b202001127, update_b5_v2.0.9_b20200706. This vulnerability makes it possible to extract from the FW the existing user passwords on their operating systems and passwords.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T16:36:25.000000Z"}, {"uuid": "d5e7a81c-0e78-4939-9ebb-dccdf5d26813", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30623", "type": "seen", "source": "https://t.me/cibsecurity/46436", "content": "\u203c CVE-2022-30623 \u203c\n\nThe server checks the user's cookie in a non-standard way, and a value is entered in the cookie value name of the status and its value is set to true to bypass the identification with the system using a username and password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T16:36:19.000000Z"}, {"uuid": "0017ce3a-17a1-4c8f-884a-51a1c84d9577", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30620", "type": "seen", "source": "https://t.me/cibsecurity/46438", "content": "\u203c CVE-2022-30620 \u203c\n\nOn Cellinx Camera with guest enabled, attacker with web access can elevate privileges to administrative: \"1\" to \"0\" privileges by changing the following cookie values from \"is_admin\", \"showConfig\". Administrative Privileges which allows changing various configuration in the camera.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T16:36:22.000000Z"}]}