CVE-2022-22759 An iframe with sandboxed scripts wouldn't allow scripts if a document append element has a JavaScript event handler.
An iframe can have an event handler that runs scripts on the iframe's parent. The event can be prevented from running by blocking
CVE-2022-4185 - Spoofing iOS Chrome Modal Dialogues with Crafted HTML (Explained simply)
In December 2022, Google patched a medium-severity security issue affecting Chrome for iOS (Safari-based), tracked as CVE-2022-4185. This bug allowed remote attackers to spoof the
CVE-2022-39338 - How a Nextcloud user_oidc Discovery URL Bug Enabled XSS in Safari
Nextcloud is one of the most popular open-source self-hosted cloud services out there. Like many modern platforms, Nextcloud supports logging in with multiple identity providers
CVE-2022-43138 Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges.
This can be leveraged in a Man-In-The-Middle attack to inject arbitrary requests. Dolibarr Open Source ERP & CRM for Business before v14.0.1 does
CVE-2022-41049 Windows Mark of the Web Security Feature Bypass Vulnerability
The earlier ID was assigned to a Cross-Origin Resource Sharing (CORS) bypass vulnerability in Open Graph API. This is an important feature to let a