Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2022-27330: GitHub - CP04042K/Full-Ecommece-Website-Add_Product-Stored_XSS-POC

A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field.

CVE
#xss#vulnerability#web#windows#apple#google#git#php#chrome#webkit
CVE-2022-28599: A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS-1.5.1 · Issue #595 · daylightstudio/FUEL-CMS

A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack.

CVE-2022-27466: MCMS 5.2.7 SQLI · Issue #90 · ming-soft/MCMS

MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do.

CVE-2022-28572: CVEIDs/TendaAX18 at main · F0und-icu/CVEIDs

Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function

CVE-2022-28572: TempName/TendaAX18 at main · F0und-icu/TempName

Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function

CVE-2022-29969: ⚓ T307028 XSS in Extension:RSS when $wgRSSAllowLinkTag = true;

The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element (if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true).

CVE-2021-31673: Cyclos 4.14.7 - Dom-based Cross-Site Scripting (CVE-2021-31673)

A Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter.

Update now! Critical patches for Chrome and Edge

Google has released an update for the Chrome browser that includes 30 security fixes. Edge and other Chromium-based browsers also need updating. The post Update now! Critical patches for Chrome and Edge appeared first on Malwarebytes Labs.

Google Play’s Data safety section empowers Android users to make informed app choices

Google has been busy. After introducing badges for browser apps, it's also launched its "nutrition labels" for apps. The post Google Play’s Data safety section empowers Android users to make informed app choices appeared first on Malwarebytes Labs.