11 matches found
EUVD-2025-16516
Malicious code in bioql PyPI...
CVE-2025-48883
Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead to XSS cross-site scripting vulnerabilities. This is patched in v1.14.0. As a workaround, users can apply encoding...
CVE-2025-48883
Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead to XSS cross-site scripting vulnerabilities. This is patched in v1.14.0. As a workaround, users can apply encoding...
CVE-2025-48883
CVE-2025-48883 concerns the Chrome PHP package (chrome-php/chrome). The vulnerability arises because CSS Selector expressions are not properly encoded prior to version 1.14.0, which can enable a cross-site scripting (XSS) issue when interacting with headless Chrome/Chromium from PHP. The issue is...
CVE-2025-48883 Chrome PHP is missing encoding in `CssSelector`
Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead to XSS cross-site scripting vulnerabilities. This is patched in v1.14.0. As a workaround, users can apply encoding...
CVE-2025-48883 Chrome PHP is missing encoding in `CssSelector`
Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead to XSS cross-site scripting vulnerabilities. This is patched in v1.14.0. As a workaround, users can apply encoding...
CVE-2025-48883 Chrome PHP is missing encoding in `CssSelector`
Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead to XSS cross-site scripting vulnerabilities. This is patched in v1.14.0. As a workaround, users can apply encoding...
Chrome PHP 跨站脚本漏洞
Chrome PHP is a headless chrome/chrome instance in PHP from the Chrome PHP open source. A cross-site scripting vulnerability exists in Chrome PHP versions prior to 1.14.0 that stems from a CSS selector expression that is not properly encoded, which could lead to a cross-site scripting attack...
Cross-site Scripting (XSS)
chrome-php/chrome is vulnerable to cross-site scripting XSS. The vulnerability is due to improper encoding due to CSS Selector expressions not being properly escaped, allowing injection of malicious scripts...
GHSA-3432-FMRF-7VMH Chrome PHP is missing encoding in `CssSelector`
Impact CSS Selector expressions are not properly encoded, which can lead to XSS cross-site scripting vulnerabilities. Patches This is patched in v1.14.0. Workarounds Users can apply encoding manually to their selectors, if they are unable to upgrade...
PT-2025-23223 · Unknown · Chrome Php
Name of the Vulnerable Software and Affected Versions: Chrome PHP versions prior to 1.14.0 Description: The issue arises from CSS Selector expressions not being properly encoded, leading to potential cross-site scripting XSS vulnerabilities. There is no information provided about the estimated...