CVE-2022-29916 Firefox treats CSS variables differently when they are already known resources. This could be used to probe the browser history.
By default, CSS variables are not supported in Firefox. The only way to enable them is to add a userContent preference. This preference is enabled
CVE-2022-31744 CSS injected via internal URIs could bypass a page's Content Security Policy.
The attacker would need to host a malicious stylesheet on a malicious server—for example, if they have compromised the same server. In cases where
CVE-2022-4176 An out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker to exploit heap corruption via UI interactions.
This issue was fixed in version 9.5.5.5. The issue existed due to a race condition where the out of bounds write could
CVE-2022-3824: WP Admin UI Customize Plugin Vulnerability Leads to Stored XSS Attacks
In this in-depth post, we explore a vulnerability in the WP Admin UI Customize WordPress plugin (versions before 1.5.13) that has been identified
CVE-2022-41643: Stored Cross-Site Scripting (XSS) Vulnerability in Accessibility Plugin <= 1..3 on WordPress for Administrator and Higher Privileges
The Common Vulnerabilities and Exposures (CVE) identifier CVE-2022-41643 refers to a stored Cross-Site Scripting (XSS) vulnerability in the WordPress Accessibility plugin (version 1..3 and
Episode
00:00:00
00:00:00