CVE-2022-39270 - How a Simple Discourse Table of Contents Could Let Attackers Inject HTML
If you run a Discourse forum—say for your club, your company, or a large online community—you likely use, or have seen, the DiscoTOC
CVE-2022-1948 - Exploiting XSS in GitLab Quick Actions — What Happened and How Attackers Take Advantage
In May 2022, security researchers discovered a critical issue affecting GitLab — a popular tool countless teams use for code collaboration and DevOps. This problem, registered
CVE-2022-1492 - How Insufficient Data Validation in Google Chrome Blink Editing Exposed Users to Script Injection
Google Chrome is the world’s most popular web browser. Millions of people trust it for everything online. But sometimes, a single overlooked detail can
CVE-2022-1494 - How Insufficient Data Validation in Chrome’s Trusted Types Led to a Real-World XSS Bypass
The world of cyber security is a constant arms race between attackers looking for loopholes and defenders patching them up. One of the defense-in-depth features
CVE-2022-32209 - XSS in Rails HTML Sanitizer – What You Need to Know
TL;DR:
A cross-site scripting (XSS) vulnerability was discovered in all versions of Rails::Html::Sanitizer when both select and style tags are allowed. Every