{"vulnerability": "cve-2022-4301", "sightings": [{"uuid": "169bee6a-234b-4cad-8128-fd0552df3c76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4301", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11157", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4301\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.\n\ud83d\udccf Published: 2023-01-09T22:13:37.475Z\n\ud83d\udccf Modified: 2025-04-09T19:19:48.209Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/a8dca528-fb70-44f3-8149-21385039179d", "creation_timestamp": "2025-04-09T19:48:36.000000Z"}, {"uuid": "1667e8e6-7b86-4555-9f65-a113fc26b79c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43018", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15717", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43018\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function.\n\ud83d\udccf Published: 2022-10-19T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-09T14:13:36.680Z\n\ud83d\udd17 References:\n1. https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_checkEmail.md", "creation_timestamp": "2025-05-09T14:25:58.000000Z"}, {"uuid": "a15301c3-3fb4-451d-a337-c8c91a899a9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43019", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15719", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43019\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality.\n\ud83d\udccf Published: 2022-10-19T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-09T14:10:18.231Z\n\ud83d\udd17 References:\n1. https://github.com/hansmach1ne/opencats_zero-days/blob/main/RCE_via_deserialisation.md", "creation_timestamp": "2025-05-09T14:26:02.000000Z"}, {"uuid": "069e685d-7415-483f-9570-2e64147b7a32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4301", "type": "seen", "source": "https://t.me/cibsecurity/56188", "content": "\u203c CVE-2022-4301 \u203c\n\nThe Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-10T02:27:57.000000Z"}, {"uuid": "676c770b-6cfc-40a6-9488-340d61e170ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43019", "type": "seen", "source": "https://t.me/cibsecurity/51835", "content": "\u203c CVE-2022-43019 \u203c\n\nOpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T22:15:49.000000Z"}, {"uuid": "56a11db4-3888-4dca-8769-673eb567b673", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43014", "type": "seen", "source": "https://t.me/cibsecurity/51828", "content": "\u203c CVE-2022-43014 \u203c\n\nOpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T22:15:41.000000Z"}, {"uuid": "b651e88d-087e-4875-aa96-09077b5e72dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43018", "type": "seen", "source": "https://t.me/cibsecurity/51824", "content": "\u203c CVE-2022-43018 \u203c\n\nOpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T22:15:36.000000Z"}, {"uuid": "7d393a8c-ff99-4865-980a-5e9817fcd086", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43016", "type": "seen", "source": "https://t.me/cibsecurity/51819", "content": "\u203c CVE-2022-43016 \u203c\n\nOpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T22:15:29.000000Z"}]}