283 matches found
CVE-2016-10549
Sails is an MVC style framework for building realtime web applications. Version 0.12.7 and lower have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to make AJAX requests ...
@maxts/waterline-adapter-tests (=1.0.3), driver-interface (=1.0.2) +9 more potentially affected by CVE-2018-3721 via @sailshq/lodash (=3.10.2)
@sailshq/lodash NPM version =3.10.2 is affected by a known vulnerability. The following packages have a transitive dependency on @sailshq/lodash and may be impacted: - @maxts/waterline-adapter-tests =1.0.3 - driver-interface =1.0.2 - machinepack-sockets =2.0.0, =5.2.0-0, =1.0.1, =0.9.1, =2.1.14,...
Broken CORS
Overview Affected versions of sails have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This may allow an attacker to make AJAX requests to vulnerable hosts through cross-site scripting or a malicious...