CVE-2018-18499

A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...

Unspecified Vulnerability in Mattermost Desktop App (CNVD-2020-41482)

Mattermost Desktop App is a messaging desktop application from Mattermost USA. A security vulnerability exists in Mattermost Desktop App versions prior to 4.0.0 that stems from the program not properly handling the same-origin policy setPermissionRequestHandler. An attacker could exploit the...

Mattermost Desktop App Access Control Error Vulnerability

Mattermost Desktop App is a messaging desktop application from Mattermost USA. An Access Control Error vulnerability exists in Mattermost Desktop App versions prior to 4.4.0, which stems from the program's failure to properly handle the same-origin policy and can be exploited by an attacker to...

Unspecified Vulnerability in Mattermost Server

Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in the WebSocket functionality in Mattermost Server versions prior to 3.6.2, which stems from the program not following the same-origin policy. No details of the...

CVE-2017-18920

An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy...

CVE-2017-18920

An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy...

Design/Logic Flaw

An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy...

CVE-2017-18920

An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy...

CVE-2017-18920

Mattermost Server ≤ 3.6.1 suffers a Same Origin Policy weakness in the WebSocket feature. The vulnerability context is limited to Mattermost Server prior to version 3.6.2; no exploitation details are provided in the sources. Mitigation guidance (from publicly available references) is to upgrade t...

CVE-2018-21265

An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler e.g., video, audio, and notifications...

CVE-2018-21265

An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler e.g., video, audio, and notifications...

Design/Logic Flaw

An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler e.g., video, audio, and notifications...

CVE-2018-21265

An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler e.g., video, audio, and notifications...

CVE-2018-21265

Mattermost Desktop App before 4.0.0 is affected by a vulnerability caused by mishandling the Same Origin Policy for setPermissionRequestHandler (affecting video, audio, and notifications). The issue is described across multiple sources (CVE-2018-21265) and is corroborated in Red Hat and CNVD entr...

CVE-2020-14456

An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006...

CVE-2020-14456

An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006...

Design/Logic Flaw

An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006...

CVE-2020-14456

An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006...

CVE-2020-14456

Mattermost Desktop App

EulerOS 2.0 SP2 : python-requests (EulerOS-SA-2020-1633)

According to the version of the python-requests package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-htt...