GHSA-W937-FG2H-XHQ2 locize Client SDK: Cross-origin DOM XSS & Handler Hijack Through Missing e.origin Validation in InContext Editor

Summary Versions of the locize client SDK the browser module that wires up the locize InContext translation editor prior to 4.0.21 register a window.addEventListener"message", … handler that dispatches to registered internal handlers editKey, commitKey, commitKeys, isLocizeEnabled,...

CVE-2026-2345 Insufficient Origin Validation in Proctorio Chrome Extension postMessage Handlers

Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener'message', ... handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on...

CVE-2026-2345

Technical details about CVE-2026-2345 are not publicly available in the provided documents. Monitor for updates from Red Hat/NVD/CVE listings for affected products, impact, and remediation specifics.

PT-2026-7613

Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener'message', ... handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on...

EUVD-2002-1818

Malware in sbrugna...

EUVD-2024-3042

Malicious code in bioql PyPI...

CVE-2024-50052

CVE-2024-50052 affects Mattermost versions 9.5.x, 9.10.x, and 9.11.x up to the indicated patch levels, where an authentication-validated integration action fails to verify that the origin of the message matches the original post metadata. This allows an authenticated user to delete an arbitrary p...

xdLocalStorage input validation error vulnerability (CNVD-2020-28470)

xdLocalStorage is a lightweight JavaScript library that supports cross-domain data storage . An input validation error vulnerability exists in xdLocalStorage, which stems from a function that does not perform any validation on the origin of a Web message. An attacker can exploit this vulnerabilit...

SuSE 11 / 11.1 Security Update : mipv6d (SAT Patch Numbers 3048 / 3049)

The following issues have been fixed : - the mipv6 daemon did not check the origin of netlink messages, therefore allowing local users to spoof messages. CVE-2010-2522 - remote attackers could cause buffer overflows in mipv6d. CVE-2010-2523 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

CVE-2002-1839

Trend Micro InterScan VirusWall for Windows NT 3.52 does not record the sender's IP address in the headers for a mail message when it is passed from VirusWall to the MTA, which allows remote attackers to hide the origin of the message...