Advisory #64
TitleOByte wallet remote code execution through chat message
CVE IDCVE-2022-25642
Affected productObyte wallet
Affected versions<= 3.4.0
Vulnerability typeCWE-79 (Cross-site Scripting)
DescriptionOByte wallet has a vulnerability that allows a malicious chat message to execute arbitrary JavaScript, which results in remote code execution.
StatusFixed in 3.4.1.
RecommendationUpdate to 3.4.1 or above.