EUVD-2013-5052

Malware in sbrugna...

EUVD-2014-1480

Malware in sbrugna...

CVE-2023-27739

easyXDM 2.5 allows XSS via the xdme parameter...

CVE-2023-27739

easyXDM 2.5 allows XSS via the xdme parameter...

CVE-2023-27739

easyXDM 2.5 allows XSS via the xdme parameter...

Cross site scripting

easyXDM 2.5 allows XSS via the xdme parameter...

EasyXDM Security Vulnerability

EasyXDM is a lightweight open source JavaScript cross domain solution . The solution implements the encapsulation of various cross-domain solutions to eliminate the limitations imposed by the same-origin policy and to facilitate cross-domain communication of applications through JavaScript APIs. ...

CVE-2023-27739

easyXDM 2.5 allows XSS via the xdme parameter...

PT-2024-12147 · Easyxdm · Easyxdm

Name of the Vulnerable Software and Affected Versions: easyXDM version 2.5 Description: The issue allows for cross-site scripting XSS attacks via the xdm e parameter. This means an attacker could potentially inject malicious scripts into a website, affecting users who visit the site...

CVE-2023-27739

CVE-2023-27739 affects easyXDM 2.5, where the xdm_e parameter allows cross-site scripting (XSS). Multiple connected sources confirm an XSS vulnerability in easyXDM 2.5, with PoC-like exploitation noted in the advisory. Impact is limited to achieving XSS via the xdm_e parameter; no explicit patche...

CVE-2013-5212

Cross-site Scripting XSS in EasyXDM before 2.4.18 allows remote attackers to inject arbitrary web script or html via the easyxdm.swf file...

Cross site scripting

Cross-site Scripting XSS in EasyXDM before 2.4.18 allows remote attackers to inject arbitrary web script or html via the easyxdm.swf file...

CVE-2013-5212

Cross-site Scripting XSS in EasyXDM before 2.4.18 allows remote attackers to inject arbitrary web script or html via the easyxdm.swf file...

CVE-2013-5212

CVE-2013-5212 affects the easyXDM library (pre-2.4.18). The Flash transport implemented in easyxdm.swf could be fed injected parameters via ExternalInterface.call(), enabling XSS in HTML documents that use EasyXDM.Socket/Rpc. The vulnerability arises from improper encoding of inputs sent to the F...

Mail.ru: easyXDM allows cross domain postmessaging with any origin, leaking sensitive info

Mail.Ru Agent uses easyXDM library for crossdomain communication between different mail.ru messaging systems. For modern browsers postMessage is used inside. The security issue was because of lacking ACL for domains. So malicious man could in some circumstances he should know victim's email, forc...

CVE-2014-1403

Cross-site scripting XSS vulnerability in name.html in easyXDM before 2.4.19 allows remote attackers to inject arbitrary web script or HTML via the location.hash value...

Cross site scripting

Cross-site scripting XSS vulnerability in name.html in easyXDM before 2.4.19 allows remote attackers to inject arbitrary web script or HTML via the location.hash value...

CVE-2014-1403

Cross-site scripting XSS vulnerability in name.html in easyXDM before 2.4.19 allows remote attackers to inject arbitrary web script or HTML via the location.hash value...

CVE-2014-1403

CVE-2014-1403 affects the easyXDM library (name.html) with a DOM XSS in the location.hash parameter, allowing an attacker to inject scripts run in the hosting domain’s context. The vulnerability is present in easyXDM prior to version 2.4.19; exploitation would require parsing/building a malicious...

easyXDM 2.4.16 Cross Site Scripting

Affected products ================= easyXDM library = 2.4.16 - http://easyxdm.net/wp/ easyXDM is a Javascript library that enables you as a developer to easily work around the limitation set in place by the Same Origin Policy, in turn making it easy to communicate and expose javascript API’s acro...