{"vulnerability": "cve-2022-4737", "sightings": [{"uuid": "0772a490-8c35-4ed2-adf4-b81c579d83ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47379", "type": "seen", "source": "Telegram/mZjVEjJ9UySCRyqlZinbXkTti1EvxKvFP59xnKSPk7h14g", "content": "", "creation_timestamp": "2023-08-11T08:14:17.000000Z"}, {"uuid": "2ee3a776-b260-4a97-8c8f-94eadd5a1b12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-47378", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01", "content": "", "creation_timestamp": "2026-03-17T12:00:00.000000Z"}, {"uuid": "4cf7fc10-7a9d-4ff4-b906-c415d6ee43a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-47379", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01", "content": "", "creation_timestamp": "2026-03-17T12:00:00.000000Z"}, {"uuid": "7e2ebc04-4313-4544-862e-c291c09f448b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47373", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10575", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-47373\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L)\n\ud83d\udd39 Description: Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. 
This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malicious JavaScript payload.\n\ud83d\udccf Published: 2023-02-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-04T20:38:38.112Z\n\ud83d\udd17 References:\n1. https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/\n2. https://github.com/Argonx21/CVE-2022-47373", "creation_timestamp": "2025-04-04T21:36:32.000000Z"}, {"uuid": "4ad6cf01-147a-479c-90b2-5592197733e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47378", "type": "seen", "source": "https://t.me/KomunitiSiber/635", "content": "16 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks\nhttps://thehackernews.com/2023/08/15-new-codesys-sdk-flaws-expose-ot.html\n\nA set of 16 high-severity security flaws have been disclosed in the\u00a0CODESYS V3\u00a0software development kit (SDK) that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology (OT) environments.\nThe flaws, tracked from CVE-2022-47378 through CVE-2022-47393 and dubbed\u00a0CoDe16, carry a CVSS score of 8.8 with the exception of", "creation_timestamp": "2023-08-11T09:09:47.000000Z"}, {"uuid": "c2029847-1a07-4922-8998-3266feea8613", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47379", "type": "seen", "source": "https://t.me/cibsecurity/64101", "content": "\u203c CVE-2022-47379 \u203c\n\nAn authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National 
Vulnerability Database\".", "creation_timestamp": "2023-05-15T14:29:49.000000Z"}, {"uuid": "5ca56cbc-6654-4a26-b3ff-4d0a1e9b2207", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47378", "type": "seen", "source": "https://t.me/cibsecurity/64086", "content": "\u203c CVE-2022-47378 \u203c\n\nMultiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-15T14:29:27.000000Z"}, {"uuid": "bbdcc57f-e8db-4163-9603-9dd3bb7af093", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4737", "type": "seen", "source": "https://t.me/cibsecurity/55309", "content": "\u203c CVE-2022-4737 \u203c\n\nA vulnerability was found in SourceCodester Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The identifier VDB-216773 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-25T22:40:10.000000Z"}, {"uuid": "82184166-42d5-48f2-8275-95ed1cb5377a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47373", "type": "seen", "source": "https://t.me/cibsecurity/58210", "content": "\u203c CVE-2022-47373 \u203c\n\nReflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. 
This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malicious JavaScript payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-15T07:36:24.000000Z"}, {"uuid": "a738b230-24dc-4312-b9c7-136813c5baa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47372", "type": "seen", "source": "https://t.me/cibsecurity/58201", "content": "\u203c CVE-2022-47372 \u203c\n\nStored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-15T07:36:12.000000Z"}, {"uuid": "fb1ac9e2-47a3-46c6-b0f7-14d2c9c7fe47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47377", "type": "seen", "source": "https://t.me/cibsecurity/54675", "content": "\u203c CVE-2022-47377 \u203c\n\nPassword recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. 
The recommended solution is to update the firmware to a version >= 1.13.4 as soon as possible (available in SICK Support Portal).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-16T18:24:34.000000Z"}]}