1239 matches found
Input validation
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and...
CVE-2015-9544
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the...
Voo branded NETGEAR CG3700b Cross-Site Request Forgery Vulnerability
The NETGEAR CG3700b is a cable modem and router from NETGEAR. A cross-site request forgery vulnerability exists in the Voo branded NETGEAR CG3700b, which arises from a network system or product that does not adequately validate the origin or authenticity of data, and can be exploited by an attack...
Auto-Maskin RP210E, DCU210E, and Marine Observer Pro (Android App)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Auto-Maskin Equipment: RP 210E Remote Panels, DCU 210E Control Units, and Marine Observer Pro Android App Vulnerabilities: Cleartext Transmission of Sensitive Information, Origin Validation Error,...
Security Updates for Microsoft Office Online Server (February 2020)
The Microsoft Office Online Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : - A spoofing vulnerability exists when Office Online Server does not validate origin in cross-origin communications correctly. An attacker...
SAP NetWeaver Process Integration Data Forgery Issue Vulnerability
SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. A vulnerability exists in SAP...
Microsoft Office Online Server Spoofing Vulnerability
Microsoft Office Online Server is a Web-based office software suite. A spoofing vulnerability exists in Microsoft Office Online Server that originates when Office Online does not properly validate the origin in a cross-domain communication handler. An attacker could exploit this vulnerability by...
Flarum Cross-Site Request Forgery Vulnerability
Flarum is an open source forum system. A cross-site request forgery vulnerability exists in Flarum versions prior to 0.1.0-beta.9. The vulnerability stems from a networked system or product that does not adequately validate the origin or authenticity of data, which can be exploited by an attacker...
Advisto PEEL SHOPPING Cross-Site Request Forgery Vulnerability
Advisto PEEL SHOPPING is an open source e-commerce system based on PHP and MySQL. A cross-site request forgery vulnerability exists in Advisto PEEL SHOPPING version 9.0.0. The vulnerability arises from a network system or product that does not adequately validate the origin or authenticity of dat...
Bobronix JEditor editor for Jira cross-site request forgery vulnerability
Bobronix JEditor editor for Jira is a rich text editor for Jira from Bobronix Cyprus. A cross-site request forgery vulnerability exists in Bobronix JEditor editor for Jira versions prior to 3.0.6. The vulnerability stems from a WEB application that does not adequately validate that a request is...
Inateck Technology WP1001 Data Forgery Issue Vulnerability
The Inateck Technology WP1001 is a wireless presentation remote control from Inateck Technology, USA. A vulnerability exists in the Inateck Technology WP1001 v1.3C for data forgery issues. The vulnerability arises from a networked system or product that does not adequately validate the origin or...
Inateck Technology Inateck WP2002 Data Forgery Issue Vulnerability (CNVD-2019-17494)
Inateck Technology The Inateck WP2002 is a wearable wireless presentation remote control from Inateck Technology, USA. A data forgery issue vulnerability exists in the Inateck Technology Inateck WP2002. The vulnerability arises from a networked system or product that does not adequately validate...
Authorization Bypass
icedtea-web is vulnerable to authorization bypass. It was discovered that IcedTea-Web did not properly determine an applet's origin when asking the user if the applet should be run. A malicious page could use this flaw to cause IcedTea-Web to execute the applet without user approval, or confuse t...
CVE-2019-3718
Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems...
CVE-2019-3718
Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems...
Input validation
Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems...
CVE-2019-3718
Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems...
PT-2019-16663 · Dell · Dell Supportassist Client
Name of the Vulnerable Software and Affected Versions: Dell SupportAssist Client versions prior to 3.2.0.90 Description: The issue concerns an improper origin validation, which could be exploited by an unauthenticated remote attacker to attempt CSRF attacks on users of the impacted systems...
CVE-2019-5773
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...
CVE-2019-5773
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...