Advisory #64
| Title | OByte wallet remote code execution through chat message |
| CVE ID | CVE-2022-25642 |
| Vendor | Obyte |
| Affected product | Obyte wallet |
| Affected versions | <= 3.4.0 |
| Vulnerability type | CWE-79 (Cross-site Scripting) |
| Description | OByte wallet has a vulnerability that allows a malicious chat message to execute arbitrary JavaScript, which results in remote code execution. |
| Status | Fixed in 3.4.1. |
| Recommendation | Update to 3.4.1 or above. |