{"vulnerability": "cve-2022-3983", "sightings": [{"uuid": "2424d001-dbfd-4b1f-b0b1-d02c7599cba1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39834", "type": "seen", "source": "https://t.me/cibsecurity/53044", "content": "\u203c CVE-2022-39834 \u203c\n\nA stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-17T15:53:03.000000Z"}, {"uuid": "c4d30233-2bc7-4a8d-977b-f406d3b6d192", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39834", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13935", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-39834\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user.\n\ud83d\udccf Published: 2022-11-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-29T20:30:25.198Z\n\ud83d\udd17 References:\n1. https://support.keyfactor.com/s/detail/a6x1Q000000CwCoQAK", "creation_timestamp": "2025-04-29T21:13:41.000000Z"}, {"uuid": "90843e45-74d3-44b6-a362-cbe95f891bb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39833", "type": "seen", "source": "https://t.me/cibsecurity/53447", "content": "\u203c CVE-2022-39833 \u203c\n\nFileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-23T20:14:03.000000Z"}, {"uuid": "b4a9d0af-0205-4bf3-a21a-d1ac0395dcae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3983", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12220", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3983\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Checkout for PayPal WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks\n\ud83d\udccf Published: 2022-12-19T13:41:43.213Z\n\ud83d\udccf Modified: 2025-04-17T13:46:12.292Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/0b48bbd6-7c77-44b8-a5d6-34e4a0747cf1", "creation_timestamp": "2025-04-17T13:57:48.000000Z"}, {"uuid": "4be12267-2c3c-4077-ba4f-89a1fd2a7ef0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39838", "type": "seen", "source": "https://t.me/arpsyndicate/2685", "content": "#ExploitObserverAlert\n\nCVE-2022-39838\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-39838. Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames.\n\nFIRST-EPSS: 0.003470000\nNVD-IS: 4.0\nNVD-ES: 3.9", "creation_timestamp": "2024-01-08T21:57:09.000000Z"}, {"uuid": "fcdd286a-6c3e-4328-8502-3ec999acd112", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39836", "type": "seen", "source": "https://t.me/cibsecurity/52051", "content": "\u203c CVE-2022-39836 \u203c\n\nAn issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-25T20:40:49.000000Z"}, {"uuid": "6ef785aa-1d2e-4f1b-81ae-393cdcda00b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3983", "type": "seen", "source": "https://t.me/cibsecurity/54858", "content": "\u203c CVE-2022-3983 \u203c\n\nThe Checkout for PayPal WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-19T16:10:31.000000Z"}, {"uuid": "a8b39d77-9ffc-4455-9bb2-0ea426eef88e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39830", "type": "seen", "source": "https://t.me/cibsecurity/49280", "content": "\u203c CVE-2022-39830 \u203c\n\nsign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-05T07:11:45.000000Z"}, {"uuid": "7b752ddf-dc8e-4c83-ba14-fd5df47738f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39835", "type": "seen", "source": "https://t.me/cibsecurity/50536", "content": "\u203c CVE-2022-39835 \u203c\n\nAn issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-28T02:36:17.000000Z"}]}