6889 matches found
Microsoft Edge (Chromium) < 80.0.361.66 Insufficient Policy Enforcement
The version of Microsoft Edge Chromium installed on the remote Windows host is prior to 80.0.361.66. It is, therefore, affected by an insufficient policy enforcement vulnerability. An unauthenticated, remote attacker can exploit this, via a crafted HTML page, to bypass same-origin policy. Note th...
X (Formerly Twitter): Android WebViews in Twitter app are vulnerable to UXSS due to configuration and CVE-2020-6506
Summary: CVSS score: 8.1 / High / CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Embargo notice: Do Not Disclose publicly until https://crbug.com/1083819 is disclosed. Twitter for Android is affected by a UXSS vulnerability due to its configuration of Android WebView and CVE-2020-6506. Vendor...
CVE-2018-18499
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
Mattermost Desktop App Access Control Error Vulnerability
Mattermost Desktop App is a messaging desktop application from Mattermost USA. An Access Control Error vulnerability exists in Mattermost Desktop App versions prior to 4.4.0, which stems from the program's failure to properly handle the same-origin policy and can be exploited by an attacker to...
Unspecified Vulnerability in Mattermost Desktop App (CNVD-2020-41482)
Mattermost Desktop App is a messaging desktop application from Mattermost USA. A security vulnerability exists in Mattermost Desktop App versions prior to 4.0.0 that stems from the program not properly handling the same-origin policy for setPermissionRequestHandler. An attacker could exploit the...
Unspecified Vulnerability in Mattermost Server
Mattermost Server is an open source messaging platform from Mattermost USA. A security vulnerability exists in the WebSocket functionality in Mattermost Server versions prior to 3.6.2, which stems from the program not following the same-origin policy. No details of the...
CVE-2017-18920
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy...
CVE-2017-18920
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy...
Design/Logic Flaw
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy...
CVE-2017-18920
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy...
CVE-2017-18920
Mattermost Server ≤ 3.6.1 suffers a Same Origin Policy weakness in the WebSocket feature. The vulnerability context is limited to Mattermost Server prior to version 3.6.2; no exploitation details are provided in the sources. Mitigation guidance (from publicly available references) is to upgrade t...
CVE-2018-21265
An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications)...
CVE-2018-21265
An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications)...
Design/Logic Flaw
An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications)...
CVE-2018-21265
Mattermost Desktop App before 4.0.0 is affected by a vulnerability caused by mishandling the Same Origin Policy for setPermissionRequestHandler (affecting video, audio, and notifications). The issue is described across multiple sources (CVE-2018-21265) and is corroborated in Red Hat and CNVD entr...
CVE-2018-21265
An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications)...
CVE-2020-14456
An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006...
CVE-2020-14456
An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006...
Design/Logic Flaw
An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006...
CVE-2020-14456
An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006...