Security
Headlines
HeadlinesLatestCVEs

Tag

#webkit

Google Patches Another Chrome Zero-Day as Browser Attacks Mount

The vulnerability is among a rapidly growing number of zero-day bugs that major browser vendors have reported recently.

DARKReading
Open in Source
#vulnerability#web#ios#android#apple#google#microsoft#pdf#auth#zero_day#chrome#webkit#firefox
CVE-2023-48882: EyouCMS-V1.6.4-UTF8-SP1 has a vulnerability, Stored Cross-Site Scripting · Issue #54 · weng-xianhu/eyoucms

A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.

CVE-2023-48881: EyouCMS-V1.6.4-UTF8-SP1 has a vulnerability, Stored Cross-Site Scripting · Issue #53 · weng-xianhu/eyoucms

A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn.

CVE-2023-48880: EyouCMS-V1.6.4-UTF8-SP1 has a vulnerability, Stored Cross-Site Scripting · Issue #52 · weng-xianhu/eyoucms

A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.

Ubuntu Security Notice USN-6490-1

Ubuntu Security Notice 6490-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

FireBear Improved Import And Export 3.8.6 XSLT Server Side Injection

FireBear Improved Import and Export version 3.8.6 for Magento 2.4.6 suffers from an XSLT server-side injection vulnerability that allows for command execution.

Debian Security Advisory 5557-1

Debian Linux Security Advisory 5557-1 - WebKitGTK has vulnerabilities. Junsung Lee discovered that processing web content may lead to a denial-of-service. An anonymous researcher discovered that processing web content may lead to arbitrary code execution.

CVE-2022-45781: Tenda AX1803 Buffer Overflow vulnerability . - XFALLEN

Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlier allows attackers to run arbitrary code via /goform/SetOnlineDevName.

CVE-2023-45880: usd-2023-0022 - usd HeroLab

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname (and extension). This allows creation of PHP files outside of the uploads directory, directly in the webroot.