Lucene search
K

1239 matches found

Prion
Prion
added 2020/04/07 6:15 p.m.13 views

Input validation

An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and...

5.8CVSS6.9AI score0.01327EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2020/04/07 5:19 p.m.19 views

CVE-2015-9544

An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the...

6.9AI score0.01327EPSS
Exploits1References4
CNVD
CNVD
added 2020/03/17 12:0 a.m.2 views

Voo branded NETGEAR CG3700b Cross-Site Request Forgery Vulnerability

The NETGEAR CG3700b is a cable modem and router from NETGEAR. A cross-site request forgery vulnerability exists in the Voo branded NETGEAR CG3700b, which arises from a network system or product that does not adequately validate the origin or authenticity of data, and can be exploited by an attack...

8.8CVSS6.8AI score0.00485EPSS
Exploits1References1
ICS
ICS
added 2020/02/20 12:0 a.m.191 views

Auto-Maskin RP210E, DCU210E, and Marine Observer Pro (Android App)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Auto-Maskin Equipment: RP 210E Remote Panels, DCU 210E Control Units, and Marine Observer Pro Android App Vulnerabilities: Cleartext Transmission of Sensitive Information, Origin Validation Error,...

10CVSS8.7AI score0.02095EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2020/02/11 12:0 a.m.26 views

Security Updates for Microsoft Office Online Server (February 2020)

The Microsoft Office Online Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : - A spoofing vulnerability exists when Office Online Server does not validate origin in cross-origin communications correctly. An attacker...

5.8CVSS5.6AI score0.00966EPSS
Exploits0References2
CNVD
CNVD
added 2019/11/20 12:0 a.m.2 views

SAP NetWeaver Process Integration Data Forgery Issue Vulnerability

SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. A vulnerability exists in SAP...

5.3CVSS6.5AI score0.00805EPSS
Exploits0References1
CNVD
CNVD
added 2019/11/14 12:0 a.m.2 views

Microsoft Office Online Server Spoofing Vulnerability

Microsoft Office Online Server is a Web-based office software suite. A spoofing vulnerability exists in Microsoft Office Online Server that originates when Office Online does not properly validate the origin in a cross-domain communication handler. An attacker could exploit this vulnerability by...

5.8CVSS6.5AI score0.00751EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/09 12:0 a.m.3 views

Flarum Cross-Site Request Forgery Vulnerability

Flarum is an open source forum system. A cross-site request forgery vulnerability exists in Flarum versions prior to 0.1.0-beta.9. The vulnerability stems from a networked system or product that does not adequately validate the origin or authenticity of data, which can be exploited by an attacker...

8.8CVSS6.7AI score0.00794EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/02 12:0 a.m.2 views

Advisto PEEL SHOPPING Cross-Site Request Forgery Vulnerability

Advisto PEEL SHOPPING is an open source e-commerce system based on PHP and MySQL. A cross-site request forgery vulnerability exists in Advisto PEEL SHOPPING version 9.0.0. The vulnerability arises from a network system or product that does not adequately validate the origin or authenticity of dat...

8.8CVSS6.8AI score0.0082EPSS
Exploits1References1
CNVD
CNVD
added 2019/06/24 12:0 a.m.2 views

Bobronix JEditor editor for Jira cross-site request forgery vulnerability

Bobronix JEditor editor for Jira is a rich text editor for Jira from Bobronix Cyprus. A cross-site request forgery vulnerability exists in Bobronix JEditor editor for Jira versions prior to 3.0.6. The vulnerability stems from a WEB application that does not adequately validate that a request is...

8.8CVSS6.8AI score0.00969EPSS
Exploits2References1
CNVD
CNVD
added 2019/06/05 12:0 a.m.4 views

Inateck Technology WP1001 Data Forgery Issue Vulnerability

The Inateck Technology WP1001 is a wireless presentation remote control from Inateck Technology, USA. A vulnerability exists in the Inateck Technology WP1001 v1.3C for data forgery issues. The vulnerability arises from a networked system or product that does not adequately validate the origin or...

8.8CVSS6.9AI score0.01333EPSS
Exploits1References1
CNVD
CNVD
added 2019/06/05 12:0 a.m.2 views

Inateck Technology Inateck WP2002 Data Forgery Issue Vulnerability (CNVD-2019-17494)

Inateck Technology The Inateck WP2002 is a wearable wireless presentation remote control from Inateck Technology, USA. A data forgery issue vulnerability exists in the Inateck Technology Inateck WP2002. The vulnerability arises from a networked system or product that does not adequately validate...

8.8CVSS6.9AI score0.0192EPSS
Exploits1References1
Veracode
Veracode
added 2019/05/02 5:29 a.m.25 views

Authorization Bypass

icedtea-web is vulnerable to authorization bypass. It was discovered that IcedTea-Web did not properly determine an applet's origin when asking the user if the applet should be run. A malicious page could use this flaw to cause IcedTea-Web to execute the applet without user approval, or confuse t...

4.3CVSS6.3AI score0.03037EPSS
Exploits0References14Affected Software1
OSV
OSV
added 2019/04/18 8:29 p.m.5 views

CVE-2019-3718

Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems...

8.8CVSS5.8AI score0.00673EPSS
Exploits0References2
NVD
NVD
added 2019/04/18 8:29 p.m.17 views

CVE-2019-3718

Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems...

8.8CVSS8.2AI score0.00673EPSS
Exploits0References2
Prion
Prion
added 2019/04/18 8:29 p.m.10 views

Input validation

Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems...

6.8CVSS8.6AI score0.00673EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/04/18 7:58 p.m.26 views

CVE-2019-3718

Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems...

7.6CVSS8.8AI score0.00673EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/04/18 12:0 a.m.4 views

PT-2019-16663 · Dell · Dell Supportassist Client

Name of the Vulnerable Software and Affected Versions: Dell SupportAssist Client versions prior to 3.2.0.90 Description: The issue concerns an improper origin validation, which could be exploited by an unauthenticated remote attacker to attempt CSRF attacks on users of the impacted systems...

8.8CVSS7.8AI score0.00673EPSS
Exploits0References3
OSV
OSV
added 2019/02/19 5:29 p.m.4 views

CVE-2019-5773

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...

6.5CVSS8.5AI score
Exploits0References7
NVD
NVD
added 2019/02/19 5:29 p.m.16 views

CVE-2019-5773

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...

6.5CVSS6.5AI score0.01824EPSS
Exploits0References7
Rows per page
Query Builder