<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Thu, 16 Jul 2026 17:12:55 +0000</lastBuildDate>
    <item>
      <title>e3eac345-02bb-4d6c-b958-9c3e8c2397cc</title>
      <link>https://vulnerability.circl.lu/sighting/e3eac345-02bb-4d6c-b958-9c3e8c2397cc/export</link>
      <description>{"uuid": "e3eac345-02bb-4d6c-b958-9c3e8c2397cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23078", "type": "seen", "source": "https://t.me/cibsecurity/44936", "content": "\u203c CVE-2022-23078 \u203c\n\nIn habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-22T16:28:33.000000Z"}</description>
      <content:encoded>{"uuid": "e3eac345-02bb-4d6c-b958-9c3e8c2397cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23078", "type": "seen", "source": "https://t.me/cibsecurity/44936", "content": "\u203c CVE-2022-23078 \u203c\n\nIn habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-22T16:28:33.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e3eac345-02bb-4d6c-b958-9c3e8c2397cc/export</guid>
      <pubDate>Wed, 22 Jun 2022 16:28:33 +0000</pubDate>
    </item>
    <item>
      <title>ad81d5c6-ec3c-4098-b047-8ecde889cab6</title>
      <link>https://vulnerability.circl.lu/sighting/ad81d5c6-ec3c-4098-b047-8ecde889cab6/export</link>
      <description>{"uuid": "ad81d5c6-ec3c-4098-b047-8ecde889cab6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23079", "type": "seen", "source": "https://t.me/cibsecurity/44935", "content": "\u203c CVE-2022-23079 \u203c\n\nIn motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-22T16:28:32.000000Z"}</description>
      <content:encoded>{"uuid": "ad81d5c6-ec3c-4098-b047-8ecde889cab6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23079", "type": "seen", "source": "https://t.me/cibsecurity/44935", "content": "\u203c CVE-2022-23079 \u203c\n\nIn motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-22T16:28:32.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ad81d5c6-ec3c-4098-b047-8ecde889cab6/export</guid>
      <pubDate>Wed, 22 Jun 2022 16:28:32 +0000</pubDate>
    </item>
    <item>
      <title>36eb9bd2-9abe-4c28-9aa4-14c3eed8b530</title>
      <link>https://vulnerability.circl.lu/sighting/36eb9bd2-9abe-4c28-9aa4-14c3eed8b530/export</link>
      <description>{"uuid": "36eb9bd2-9abe-4c28-9aa4-14c3eed8b530", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23077", "type": "seen", "source": "https://t.me/cibsecurity/44934", "content": "\u203c CVE-2022-23077 \u203c\n\nIn habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-22T16:28:31.000000Z"}</description>
      <content:encoded>{"uuid": "36eb9bd2-9abe-4c28-9aa4-14c3eed8b530", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23077", "type": "seen", "source": "https://t.me/cibsecurity/44934", "content": "\u203c CVE-2022-23077 \u203c\n\nIn habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-22T16:28:31.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/36eb9bd2-9abe-4c28-9aa4-14c3eed8b530/export</guid>
      <pubDate>Wed, 22 Jun 2022 16:28:31 +0000</pubDate>
    </item>
    <item>
      <title>269d2d2c-8061-4b82-86af-b4225e86c837</title>
      <link>https://vulnerability.circl.lu/sighting/269d2d2c-8061-4b82-86af-b4225e86c837/export</link>
      <description>{"uuid": "269d2d2c-8061-4b82-86af-b4225e86c837", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23074", "type": "seen", "source": "https://t.me/cibsecurity/44870", "content": "\u203c CVE-2022-23074 \u203c\n\nIn Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in the \u00e2\u20ac\u02dcName\u00e2\u20ac\u2122 field of Keyword, Food and Unit components. When a victim accesses the Keyword/Food/Unit endpoints, the XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-21T14:37:22.000000Z"}</description>
      <content:encoded>{"uuid": "269d2d2c-8061-4b82-86af-b4225e86c837", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23074", "type": "seen", "source": "https://t.me/cibsecurity/44870", "content": "\u203c CVE-2022-23074 \u203c\n\nIn Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in the \u00e2\u20ac\u02dcName\u00e2\u20ac\u2122 field of Keyword, Food and Unit components. When a victim accesses the Keyword/Food/Unit endpoints, the XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-21T14:37:22.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/269d2d2c-8061-4b82-86af-b4225e86c837/export</guid>
      <pubDate>Tue, 21 Jun 2022 14:37:22 +0000</pubDate>
    </item>
    <item>
      <title>7d613366-dcda-49cf-9915-2426cbdf6ace</title>
      <link>https://vulnerability.circl.lu/sighting/7d613366-dcda-49cf-9915-2426cbdf6ace/export</link>
      <description>{"uuid": "7d613366-dcda-49cf-9915-2426cbdf6ace", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23073", "type": "seen", "source": "https://t.me/cibsecurity/44862", "content": "\u203c CVE-2022-23073 \u203c\n\nIn Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in copy to clipboard functionality. When a victim accesses the food list page, then adds a new Food with a malicious javascript payload in the \u00e2\u20ac\u02dcName\u00e2\u20ac\u2122 parameter and clicks on the clipboard icon, an XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-21T12:27:38.000000Z"}</description>
      <content:encoded>{"uuid": "7d613366-dcda-49cf-9915-2426cbdf6ace", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23073", "type": "seen", "source": "https://t.me/cibsecurity/44862", "content": "\u203c CVE-2022-23073 \u203c\n\nIn Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in copy to clipboard functionality. When a victim accesses the food list page, then adds a new Food with a malicious javascript payload in the \u00e2\u20ac\u02dcName\u00e2\u20ac\u2122 parameter and clicks on the clipboard icon, an XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-21T12:27:38.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/7d613366-dcda-49cf-9915-2426cbdf6ace/export</guid>
      <pubDate>Tue, 21 Jun 2022 12:27:38 +0000</pubDate>
    </item>
    <item>
      <title>1fea0da2-314b-46d2-ad0c-479d339e84f4</title>
      <link>https://vulnerability.circl.lu/sighting/1fea0da2-314b-46d2-ad0c-479d339e84f4/export</link>
      <description>{"uuid": "1fea0da2-314b-46d2-ad0c-479d339e84f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23072", "type": "seen", "source": "https://t.me/cibsecurity/44860", "content": "\u203c CVE-2022-23072 \u203c\n\nIn Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in \u00e2\u20ac\u0153Add to Cart\u00e2\u20ac\ufffd functionality. When a victim accesses the food list page, then adds a new Food with a malicious javascript payload in the \u00e2\u20ac\u02dcName\u00e2\u20ac\u2122 parameter and clicks on the Add to Shopping Cart icon, an XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-21T12:27:36.000000Z"}</description>
      <content:encoded>{"uuid": "1fea0da2-314b-46d2-ad0c-479d339e84f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23072", "type": "seen", "source": "https://t.me/cibsecurity/44860", "content": "\u203c CVE-2022-23072 \u203c\n\nIn Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in \u00e2\u20ac\u0153Add to Cart\u00e2\u20ac\ufffd functionality. When a victim accesses the food list page, then adds a new Food with a malicious javascript payload in the \u00e2\u20ac\u02dcName\u00e2\u20ac\u2122 parameter and clicks on the Add to Shopping Cart icon, an XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-21T12:27:36.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1fea0da2-314b-46d2-ad0c-479d339e84f4/export</guid>
      <pubDate>Tue, 21 Jun 2022 12:27:36 +0000</pubDate>
    </item>
  </channel>
</rss>
