Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2022-43084: CVE_Hunter/XSS-5.md at main · Tr0e/CVE_Hunter

A cross-site scripting (XSS) vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the v_name parameter.

CVE
Open in Source
#xss#vulnerability#web#windows#apple#php#auth#chrome#webkit
CVE-2022-43083: CVE_Hunter/RCE-2.md at main · Tr0e/CVE_Hunter

An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-43085: CVE_Hunter/RCE-3.md at main · Tr0e/CVE_Hunter

An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-43086: CVE_Hunter/SQLi-4.md at main · Tr0e/CVE_Hunter

Restaurant POS System v1.0 was discovered to contain a SQL injection vulnerability via update_customer.php.

CVE-2022-43082: CVE_Hunter/XSS-4.md at main · Tr0e/CVE_Hunter

A cross-site scripting (XSS) vulnerability in /fastfood/purchase.php of Fast Food Ordering System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the customer parameter.

Malware on the Google Play store leads to harmful phishing sites

Categories: Android Categories: News A family of malicious apps from developer Mobile apps Group are on Google Play infected with HiddenAds. (Read more...) The post Malware on the Google Play store leads to harmful phishing sites appeared first on Malwarebytes Labs.

CVE-2022-3370

Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-3373: Stable Channel Update for Desktop

Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

CVE-2022-3783: User can inject JavaScript code into the text node which can cause security issues( Cross-Site Scripting) · Issue #772 · node-red/node-red-dashboard

A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9305d1a82f19b235dfad24a7d1dd4ed244db7743. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212555.

CVE-2022-3723: Chromium: CVE-2022-3723 Type Confusion in V8

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**