{"vulnerability": "cve-2022-3991", "sightings": [{"uuid": "2057aa52-e3d7-4acb-a9be-424b70d56078", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3991", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2826", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3991\n\ud83d\udd39 Description: The Photospace Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters saved via the update() function in versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2022-11-29T20:43:32.624Z\n\ud83d\udccf Modified: 2025-01-23T20:48:47.703Z\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/browser/photospace/trunk/photospace.php#L87\n2. https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3991", "creation_timestamp": "2025-01-23T21:03:34.000000Z"}, {"uuid": "69b592f6-9bae-457f-9717-b2bc4145582c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39915", "type": "seen", "source": "https://t.me/cibsecurity/54165", "content": "\u203c CVE-2022-39915 \u203c\n\nImproper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-08T18:17:42.000000Z"}, {"uuid": "1df8f9ec-d6fb-4879-af75-2e77709ae75c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3991", "type": "seen", "source": "https://t.me/cibsecurity/53688", "content": "\u203c CVE-2022-3991 \u203c\n\nThe Photospace Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters saved via the update() function in versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T00:29:44.000000Z"}]}