{"vulnerability": "CVE-2022-3550", "sightings": [{"uuid": "ec071e85-b9a0-4b79-a3cf-6c9578bd3021", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35507", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lnglalpc5o27", "content": "", "creation_timestamp": "2025-04-22T21:02:25.354596Z"}, {"uuid": "37c0cb26-0b97-4d38-a715-bdd273eefda3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35501", "type": "seen", "source": "https://t.me/cibsecurity/53448", "content": "\u203c CVE-2022-35501 \u203c\n\nStored Cross-site Scripting in Amasty Blog Pro 2.10.4 and 2.10.4 creates post functionality and lower versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-23T20:14:04.000000Z"}, {"uuid": "9e2a79bc-3627-4b59-b284-c87da50d974d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35501", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13728", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-35501\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function.\n\ud83d\udccf Published: 2022-11-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-28T19:57:01.232Z\n\ud83d\udd17 References:\n1. http://amasty.com\n2. https://github.com/afine-com/CVE-2022-35501", "creation_timestamp": "2025-04-28T20:11:13.000000Z"}, {"uuid": "2fd059ef-9e60-4f4f-a1cf-38b2516e617d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35500", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13727", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-35500\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality.\n\ud83d\udccf Published: 2022-11-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-28T19:59:04.095Z\n\ud83d\udd17 References:\n1. http://amasty.com\n2. https://github.com/afine-com/CVE-2022-35500", "creation_timestamp": "2025-04-28T20:11:12.000000Z"}, {"uuid": "efcea1dc-8573-48a7-a450-d4ef9909c051", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35509", "type": "seen", "source": "https://t.me/arpsyndicate/2809", "content": "#ExploitObserverAlert\n\nCVE-2022-35509\n\nDESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2022-35509. An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information.\n\nFIRST-EPSS: 0.000560000\nNVD-IS: 2.7\nNVD-ES: 2.3", "creation_timestamp": "2024-01-15T21:39:17.000000Z"}, {"uuid": "62def48b-1f68-421c-8149-e8db651b4868", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35500", "type": "seen", "source": "https://t.me/cibsecurity/53403", "content": "\u203c CVE-2022-35500 \u203c\n\nAmasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-23T07:13:56.000000Z"}, {"uuid": "a70a3473-a65b-4615-88c0-85b8c0cf34e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35505", "type": "seen", "source": "https://t.me/cibsecurity/47520", "content": "\u203c CVE-2022-35505 \u203c\n\nA segmentation fault in TripleCross v0.1.0 occurs when sending a control command from the client to the server. This occurs because there is no limit to the length of the output of the executed command.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-04T00:23:28.000000Z"}, {"uuid": "0faac1bc-27ad-4fd8-a852-637686475a36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35507", "type": "seen", "source": "https://t.me/cibsecurity/53962", "content": "\u203c CVE-2022-35507 \u203c\n\nA response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers because they allow injection of response headers with %0d. This is fixed in pve-http-server 4.1-3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-04T22:39:04.000000Z"}, {"uuid": "dbc31b76-2b36-47a6-9641-770623ab5cc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35508", "type": "seen", "source": "https://t.me/cibsecurity/53961", "content": "\u203c CVE-2022-35508 \u203c\n\nProxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox Mail Gateway, privilege escalation to the root@pam account is possible if the backup feature has ever been used, because backup files such as pmg-backup_YYYY_MM_DD_*.tgz have 0644 permissions and contain an authkey value. This is fixed in pve-http-server 4.1-3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-04T22:39:03.000000Z"}, {"uuid": "63b9c568-6908-48b5-a9c2-a9b3263ff22c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35509", "type": "seen", "source": "https://t.me/cibsecurity/47908", "content": "\u203c CVE-2022-35509 \u203c\n\nAn issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-11T00:32:14.000000Z"}, {"uuid": "ea16fcd1-b3b8-48a8-a3b5-61ff14c6125e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35506", "type": "seen", "source": "https://t.me/cibsecurity/47516", "content": "\u203c CVE-2022-35506 \u203c\n\nTripleCross v0.1.0 was discovered to contain a stack overflow which occurs because there is no limit to the length of program parameters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-04T00:23:22.000000Z"}]}