
Tag

#google

CVE-2022-24811: Cross-site Scripting (XSS) - Stored in itop

Combodo iTop is a web-based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.

CVE-2022-26635: xhzeem | Php5-memcached Injection Bypass

PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CRLF injection.

CVE-2021-28428: GitHub - ttimot24/HorizontCMS: Lightweight CMS built on Laravel 8, VueJs 2.6 and Bootstrap 5.1. An alternative platform to OctoberCMS

File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; however, we confirmed that the filter was bypassed via uploading arbitrary .htaccess and *.hello files in order to execute PHP code to gain RCE.

CVE-2022-0800: Stable Channel Update for Desktop

Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-0809: Stable Channel Update for Desktop

Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-0456: Stable Channel Update for Desktop

Use after free in Web Search in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via profile destruction.

CVE-2022-0453: 1284916 - chromium - An open-source project to help move the web forward.

Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-0463: 1268240 - chromium - An open-source project to help move the web forward.

Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.

CVE-2022-0458: 1267060 - chromium - An open-source project to help move the web forward.

Use after free in Thumbnail Tab Strip in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-0460: 1250227 - chromium - An open-source project to help move the web forward.

Use after free in Window Dialogue in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.