6865 matches found
CVE-2024-28948
The CVE-2024-28948 entry describes a CSRF vulnerability in Advantech ADAM-5630. Affected product: ADAM-5630 (pre-2.5.2). Root cause: cross-site request forgery (CWE-352) enabling an attacker to partly bypass same-origin policy. Reported impact: high impact to confidentiality, integrity, and avail...
CVE-2024-28948 Advantech ADAM-5630 Cross-Site Request Forgery
Advantech ADAM-5630 contains a cross-site request forgery CSRF vulnerability. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other...
CVE-2024-28948 Advantech ADAM-5630 Cross-Site Request Forgery
Advantech ADAM-5630 contains a cross-site request forgery CSRF vulnerability. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the Page URL variable. An attacker can manipulate web content or hijack user sessions by injecting malicious scripts into the URL parameter. Details Cross-site scripting or XSS is a code vulnerability th...
Samsung Internet Browser SOP Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samsung Internet Browser SOP Bypass', 'Description' = %q This module takes advantage of a Same-Origin Policy SOP bypass vulnerability in the...
CVE-2024-6398
An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios. The risk is low, because oth...
CVE-2024-6398
An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios. The risk is low, because oth...
CVE-2024-6398
An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios. The risk is low, because oth...
CVE-2024-6398
Trellix Secure Web Gateway (SWG) has an information disclosure vulnerability (CVE-2024-6398) affecting SWG 11.x before 11.2.24 and 12.x before 12.2.10. The issue arises from a browser Same Origin Policy bypass that can cause data on customizable block pages to be disclosed to third-party websites...
CVE-2024-6398
An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios. The risk is low, because oth...
Trellix Secure Web Gateway Information Disclosure Vulnerability
Trellix Secure Web Gateway Trellix SWG is a security gateway from FireEye USA Trellix. An information disclosure vulnerability exists in Trellix Secure Web Gateway SWG version 12.x prior to 12.2.10 and version 11.x prior to 11.2.24, which stems from a browser bypassing the same-origin policy unde...
PT-2024-37595 · Swg · Swg
Name of the Vulnerable Software and Affected Versions: SWG versions 11.x prior to 11.2.24 SWG versions 12.x prior to 12.2.10 Description: An information disclosure issue in SWG allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy...
Astra Linux – Vulnerability in Firefox, Thunderbird
Offscreen Canvas did not properly prevent cross-origin tampering, which could allow access to image data from another site in violation of the same-origin policy. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...
Mozilla: Cross-Origin Image leak via Offscreen Canvas
The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy...
Mozilla: Cross-Origin Image leak via Offscreen Canvas
The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy...
Mozilla: Cross-Origin Image leak via Offscreen Canvas
The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy...
Mozilla: Cross-Origin Image leak via Offscreen Canvas
The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy...
Mozilla: Cross-Origin Image leak via Offscreen Canvas
The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy...
Mozilla: Cross-Origin Image leak via Offscreen Canvas
The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy...
Mozilla: Cross-Origin Image leak via Offscreen Canvas
The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy...