{"vulnerability": "cve-2022-3402", "sightings": [{"uuid": "cbbd2293-278c-46e4-a9e7-d210ca5f11c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34021", "type": "seen", "source": "https://t.me/cibsecurity/51373", "content": "\u203c CVE-2022-34021 \u203c\n\nMultiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T02:28:16.000000Z"}, {"uuid": "e87b8783-eae9-4cf2-9782-de9992570217", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3402", "type": "seen", "source": "https://t.me/cibsecurity/52246", "content": "\u203c CVE-2022-3402 \u203c\n\nThe Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via logged HTTP requests in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers who can trick a site's administrator into performing an action like clicking on a link, or an authenticated user with access to a page that sends a request using user-supplied data via the server, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-28T22:29:40.000000Z"}, {"uuid": "3f597f93-e524-448f-9013-931ef42d99b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34020", "type": "seen", "source": "https://t.me/cibsecurity/51309", "content": "\u203c CVE-2022-34020 \u203c\n\nCross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-13T07:27:33.000000Z"}, {"uuid": "942d4ce5-e91c-49c8-961e-75a01e2e4765", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34022", "type": "seen", "source": "https://t.me/cibsecurity/51370", "content": "\u203c CVE-2022-34022 \u203c\n\nSQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T02:28:13.000000Z"}, {"uuid": "27009f46-e48f-483b-ad5b-5ed5ab17a0e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34023", "type": "seen", "source": "https://t.me/cibsecurity/46565", "content": "\u203c CVE-2022-34023 \u203c\n\nBarangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /officials/officials.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-19T20:40:56.000000Z"}, {"uuid": "ace32d6a-d456-47ae-90ce-406206177fe9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34029", "type": "seen", "source": "https://t.me/cibsecurity/46513", "content": "\u203c CVE-2022-34029 \u203c\n\nNginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-19T00:39:56.000000Z"}, {"uuid": "a952bd06-f6a5-452c-a9d1-8db7d818f923", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34027", "type": "seen", "source": "https://t.me/cibsecurity/46511", "content": "\u203c CVE-2022-34027 \u203c\n\nNginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-19T00:39:53.000000Z"}, {"uuid": "68d7521a-af08-46b4-80d9-a2ce917a4cb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34028", "type": "seen", "source": "https://t.me/cibsecurity/46510", "content": "\u203c CVE-2022-34028 \u203c\n\nNginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-19T00:39:52.000000Z"}, {"uuid": "5f7a3bcf-57d6-46ba-905d-e27a0c77d56b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34024", "type": "seen", "source": "https://t.me/cibsecurity/46574", "content": "\u203c CVE-2022-34024 \u203c\n\nBarangay Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the resident module editing function at /bmis/pages/resident/resident.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-19T22:40:48.000000Z"}, {"uuid": "85e4b364-2e32-4a16-89ad-c83ea5dd7fd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34025", "type": "seen", "source": "https://t.me/cibsecurity/46582", "content": "\u203c CVE-2022-34025 \u203c\n\nVesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the post function at /web/api/v1/upload/UploadHandler.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-19T22:41:00.000000Z"}]}