8428 matches found
Sifchain: CORS (Cross-Origin Resource Sharing) origin validation failure
ATTACK DETAILS: Access-Control-Allow-Origin: https://sifchain.finance.evil.com; Access-Control-Allow-Credentials: true. Prefix origins are accepted: www.example.com trusts example.com.evil.com. Vulnerability Description: CORS (Cross-Origin Resource Sharing) defines a mechanism to enable client-side...
Cross-site Scripting (XSS) - Reflected in blockonomics/woocommerce-plugin
✍️ Description: Reflected JavaScript injection vulnerabilities exist when web applications take parameters from the URL and display them on a page. Reflection vulnerabilities occur when a website outputs a variable from the webpage URL directly to the page, such as in a PHP application that accepts...
SUSE: Security Advisory (SUSE-SU-2018:4236-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
SUSE: Security Advisory (SUSE-SU-2020:2100-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2015:1379-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2020:1135-1)
The remote host is missing an update for the...
Glovo: Moodle XSS on evolve.glovoapp.com
Cross Site Scripting (XSS) / Moodle XSS. Summary: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by...
GO-2020-0020 Improper access control in github.com/gorilla/handlers
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy...
Zulip security vulnerability
Zulip server is an open source team chat application from the American company Zulip. A security vulnerability exists in version 3.x prior to Zulip Server 3.4, which stems from the ability of an organization administrator to move messages to streams in other organizations hosted by the same Zulip...
Bitdefender SafePay access control error vulnerability
Bitdefender SafePay is a secure browser. The Access Control Error vulnerability, which previously existed in Bitdefender Safepay version 25.0.7.29, stems from an Authentication Error vulnerability in Bitdefender Safepay, which can be exploited by an attacker to manipulate the browser's file uploa...
CVE-2021-30480
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat...
The vulnerability of Containerd’s execution environment, related to the lack of privilege checks for containers with UID 0 in the same namespace as the shim, allows an attacker to access confidential data and compromise its integrity.
The vulnerability of Containerd’s execution environment is related to the lack of privilege checks for containers with UID 0 in the same namespace as the shim. Exploiting this vulnerability allows an attacker to access confidential data and compromise its integrity...
CVE-2021-23986
A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have...
Design/Logic Flaw
A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have...
Cross-site Scripting (XSS) - Generic in maxsite/cms
✍️ Description: Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites...
Same-Origin Policy Bypass
Firefox is vulnerable to same-origin policy bypass. An attacker who successfully installs a malicious extension on a user's browser is able to perform credential-less same-origin policy violations...