{"vulnerability": "cve-2022-4144", "sightings": [{"uuid": "3681fd32-1b66-4f25-990a-fa1bc3d94a67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41441", "type": "seen", "source": "https://t.me/cibsecurity/56759", "content": "\u203c CVE-2022-41441 \u203c\n\nMultiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-20T18:27:37.000000Z"}, {"uuid": "858c2b69-a957-47e7-b960-013191692f6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41445", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13827", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41445\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Subject page.\n\ud83d\udccf Published: 2022-11-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-29T15:03:51.731Z\n\ud83d\udd17 References:\n1. https://phpgurukul.com/teachers-record-management-system-using-codeigniter/\n2. https://drive.google.com/file/d/18OjJQA2-8-Hdt0HTMwp4aL_Mp_WuffvL/view?usp=sharing\n3. https://ihexcoder.wixsite.com/secresearch/post/cve-2022-41445-cross-site-scripting-in-teachers-record-management-system-using-codeignitor\n4. https://github.com/RashidKhanPathan/CVE-2022-41445", "creation_timestamp": "2025-04-29T15:11:32.000000Z"}, {"uuid": "315fb431-b72a-4520-93e3-cc04f41747ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41445", "type": "seen", "source": "https://t.me/cibsecurity/53329", "content": "\u203c CVE-2022-41445 \u203c\n\nA cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Subject page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-22T16:13:01.000000Z"}, {"uuid": "5e589175-9466-4cf3-ad18-cd6e7a1d1e9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41446", "type": "seen", "source": "https://t.me/cibsecurity/53401", "content": "\u203c CVE-2022-41446 \u203c\n\nAn access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-23T07:13:54.000000Z"}, {"uuid": "4cb7de51-8625-480e-9347-631e1472f73b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4144", "type": "seen", "source": "https://t.me/cibsecurity/53664", "content": "\u203c CVE-2022-4144 \u203c\n\nAn out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-29T20:29:01.000000Z"}, {"uuid": "f7da3718-8950-43db-a6f8-98182c2f799c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41443", "type": "seen", "source": "https://t.me/cibsecurity/50828", "content": "\u203c CVE-2022-41443 \u203c\n\nphpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-03T20:44:15.000000Z"}, {"uuid": "8d3253d1-2897-429d-8b09-c0174d95e2df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41442", "type": "seen", "source": "https://t.me/cibsecurity/51048", "content": "\u203c CVE-2022-41442 \u203c\n\nPicUploader v2.6.3 was discovered to contain cross-site scripting (XSS) vulnerability via the setStorageParams function in SettingController.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-08T02:17:38.000000Z"}, {"uuid": "253dfd51-85a3-4dc3-b0ed-a5b874ada43a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41440", "type": "seen", "source": "https://t.me/cibsecurity/50771", "content": "\u203c CVE-2022-41440 \u203c\n\nBilling System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-30T18:36:12.000000Z"}]}