
CVE-2020-11610

Description

An issue was discovered in xdLocalStorage through 2.0.5. The postData() function in xdLocalStoragePostMessageApi.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the parent object. Therefore any domain can load the application hosting the "magical iframe" and receive the messages that the "magical iframe" sends.
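
The effect of the wildcard targetOrigin, and of pinning it instead, can be seen in a small model of postMessage() delivery that runs in Node. This is an added example, not code from xdLocalStorage; makeParent, postDataWildcard, postDataPinned, ALLOWED_ORIGINS and the example origins are assumptions, and in a browser the request origin would come from event.origin of the incoming message.

```javascript
// Model of the embedding (parent) window. Like a browser, it delivers a message
// only when targetOrigin is "*" or equals the receiving window's origin.
function makeParent(origin) {
  const received = [];
  return {
    origin,
    received,
    postMessage(message, targetOrigin) {
      if (targetOrigin === "*" || targetOrigin === origin) received.push(message);
    },
  };
}

// Pattern from the description: wildcard targetOrigin, so any embedder receives the data.
function postDataWildcard(parent, data) {
  parent.postMessage(JSON.stringify(data), "*");
}

// Hardened form (hypothetical): reply only to an allowlisted origin and pin targetOrigin to it.
const ALLOWED_ORIGINS = new Set(["https://app.example"]); // constructed sample value

function postDataPinned(parent, requestOrigin, data) {
  if (!ALLOWED_ORIGINS.has(requestOrigin)) return false; // unknown embedder: send nothing
  parent.postMessage(JSON.stringify(data), requestOrigin);
  return true;
}

// Constructed scenario: the same iframe embedded by an allowlisted page and by another page.
function demo() {
  const item = { key: "session", value: "constructed-sample" };
  const trusted = makeParent("https://app.example");
  const untrusted = makeParent("https://other.example");

  postDataWildcard(untrusted, item);
  const wildcardLeak = untrusted.received.length; // the other page received the message

  untrusted.received.length = 0;
  const refused = !postDataPinned(untrusted, untrusted.origin, item);
  // Pinned targetOrigin: a reply meant for the allowlisted origin is not delivered
  // when the actual parent window belongs to a different origin.
  postDataPinned(untrusted, trusted.origin, item);
  const pinnedLeak = untrusted.received.length;

  postDataPinned(trusted, trusted.origin, item);
  return { wildcardLeak, refused, pinnedLeak, trustedGot: trusted.received.length };
}

console.log(demo());
```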


Affected Software


| CPE Name | Name | Version |
| --- | --- | --- |
| cross_domain_local_storage_project:cross_domain_local_storage | cross domain local storage project cross domain local storage | 2.0.5 |