CVE-2015-9544

An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the...

@sobotics/caching (=1.1.1) potentially affected by CVE-2015-9544 via xdlocalstorage (=2.0.5)

xdlocalstorage NPM version =2.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on xdlocalstorage and may be impacted: - @sobotics/caching =1.1.1 Source cves: CVE-2015-9544 Source advisory: OSV:GHSA-VRC7-6G8W-JH56...

CVE-2015-9544

creationtimestamp| type| source ---|---|--- 2020-04-07 23:18:25+00:00| seen| https://t.me/cibsecurity/11091...

CVE-2015-9544

CVE-2015-9544 affects xdLocalStorage up to version 2.0.5. The postMessage API (xdLocalStoragePostMessageApi.js) does not validate the origin of received web messages, enabling remote attackers who lure a user to a malicious site to read/alter data in local storage of the vulnerable site. Impact s...