{"vulnerability": "cve-2022-3622", "sightings": [{"uuid": "39dfcd1f-79ff-4a87-9d0a-72303984db00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36223", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12444", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-36223\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS stored where it is possible to steal the administrator access token and flip or steal the media server administrator account.\n\ud83d\udccf Published: 2022-12-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-18T13:24:24.550Z\n\ud83d\udd17 References:\n1. https://medium.com/%40cupc4k3/administrator-account-takeover-in-emby-media-server-616fc2a6704f", "creation_timestamp": "2025-04-18T13:58:49.000000Z"}, {"uuid": "12b9bf2a-9b1b-499b-b7c4-764ed8bda668", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36228", "type": "seen", "source": "https://t.me/cibsecurity/71874", "content": "\u203c CVE-2022-36228 \u203c\n\nNokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request, you can add any device and set the device password in the Nokelock app.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T00:16:18.000000Z"}, {"uuid": "69f88a24-199c-4537-b62f-fd6decd5e754", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36223", "type": "seen", "source": "https://t.me/Ent_TranslateIB/257", "content": "#\u0421\u0442\u0430\u0442\u044c\u044f\n\n\u041f\u0435\u0440\u0435\u0432\u043e\u0434: CVE-2022-36223 \u0417\u0430\u0445\u0432\u0430\u0442 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0432 Emby Media Server\n\n\u23f1\u0412\u0440\u0435\u043c\u044f \u0447\u0442\u0435\u043d\u0438\u044f: 4 \u043c\u0438\u043d\u0443\u0442\u044b", "creation_timestamp": "2022-12-24T10:25:24.000000Z"}, {"uuid": "93cf5728-71fe-4c80-b368-7669b3de476a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36221", "type": "seen", "source": "https://t.me/cibsecurity/55085", "content": "\u203c CVE-2022-36221 \u203c\n\nNokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-21T22:13:16.000000Z"}, {"uuid": "6a07cf96-295c-4a2b-a270-881717ff61d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36223", "type": "seen", "source": "https://t.me/cibsecurity/54662", "content": "\u203c CVE-2022-36223 \u203c\n\nIn Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS stored where it is possible to steal the administrator access token and flip or steal the media server administrator account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-16T16:24:22.000000Z"}, {"uuid": "38501573-22a9-49b0-8aaa-0bd27b136853", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36227", "type": "seen", "source": "https://t.me/cibsecurity/53302", "content": "\u203c CVE-2022-36227 \u203c\n\nIn libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference or, in some cases, even arbitrary code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-22T07:12:44.000000Z"}, {"uuid": "2011745f-8865-4001-9f3f-92a27a067cfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36222", "type": "seen", "source": "https://t.me/cibsecurity/55086", "content": "\u203c CVE-2022-36222 \u203c\n\nNokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-21T22:13:17.000000Z"}, {"uuid": "c7e9b36f-29bc-4525-a651-16e425f13bee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36226", "type": "seen", "source": "https://t.me/cibsecurity/48838", "content": "\u203c CVE-2022-36226 \u203c\n\nSiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-26T07:29:38.000000Z"}, {"uuid": "ada2f972-d778-45ba-a62c-2cb945bf6038", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36225", "type": "seen", "source": "https://t.me/cibsecurity/48447", "content": "\u203c CVE-2022-36225 \u203c\n\nEyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-19T20:27:33.000000Z"}, {"uuid": "9458ae90-a52f-4f91-aadc-d138784da1d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36224", "type": "seen", "source": "https://t.me/cibsecurity/48451", "content": "\u203c CVE-2022-36224 \u203c\n\nXunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-19T20:17:38.000000Z"}, {"uuid": "fa343c95-4242-4384-8f4a-beb684f2972a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36220", "type": "seen", "source": "https://t.me/cibsecurity/48433", "content": "\u203c CVE-2022-36220 \u203c\n\nKiosk breakout (without quit password) in Safe Exam Browser (Windows) <3.4.0, which allows an attacker to achieve code execution via the browsers' print dialog.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-19T16:17:24.000000Z"}]}