Andrea Cappa

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 106.0.5249.62 Microsoft Edge (affected versions not specified) **Description** The issue is related to insufficient policy enforcement in developer tools, allowing a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This could enable the attacker to bypass existing security restrictions and disclose protected information using a specially crafted website. **Recommendations** For Google Chrome versions prior to 106.0.5249.62, update to version 106.0.5249.62 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: QNAP NAS running Q’center versions prior to Q’center v1.10.1004 QNAP NAS running Q’center versions prior to Q’center v1.12.1012 Description: A post-authentication reflected XSS vulnerability has been reported to affect QNAP NAS running Q’center. If exploited, this vulnerability allows remote attackers to inject malicious code. Recommendations: For QTS 4.5.3, update to Q’center v1.12.1012 or later. For QTS 4.3.6, update to Q’center v1.10.1004 or later. For QTS 4.3.3, update to Q’center v1.10.1004 or later. For QuTS hero h4.5.2, update to Q’center v1.12.1012 or later. For QuTScloud c4.5.4, update to Q’center v1.12.1012 or later.