12 matches found
EUVD-2021-2502
Malware in sbrugna...
EUVD-2022-4615
Malicious code in bioql PyPI...
CVE-2020-11611
An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage function in xdLocalStorage.js specifies the wildcard as the targetOrigin when calling the postMessage function on the iframe object. Therefore any domain that is currently loaded within the iframe can receive the messages...
CVE-2020-11610
An issue was discovered in xdLocalStorage through 2.0.5. The postData function in xdLocalStoragePostMessageApi.js specifies the wildcard as the targetOrigin when calling the postMessage function on the parent object. Therefore any domain can load the application hosting the "magical iframe" and...
GHSA-MR5M-2385-2VCP xdlocalstorage does not verify request origin
An issue was discovered in xdLocalStorage through 2.0.5. The postData function in xdLocalStoragePostMessageApi.js specifies the wildcard as the targetOrigin when calling the postMessage function on the parent object. Therefore any domain can load the application hosting the "magical iframe" and...
xdlocalstorage does not verify request origin
An issue was discovered in xdLocalStorage through 2.0.5. The postData function in xdLocalStoragePostMessageApi.js specifies the wildcard as the targetOrigin when calling the postMessage function on the parent object. Therefore any domain can load the application hosting the "magical iframe" and...
GHSA-C6C4-JMQX-3R33 Open Redirect in xdLocalStorage
An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage function in xdLocalStorage.js specifies the wildcard as the targetOrigin when calling the postMessage function on the iframe object. Therefore any domain that is currently loaded within the iframe can receive the messages...
Information Disclosure
cross-domain-local-storage-separately is vulnerable to information disclosure. The buildMessage function in xdLocalStorage.js allows the wildcard as the targetOrigin when calling the postMessage function on the iframe object, allowing any domains with iframe to accept requests from clients...
CVE-2020-11611
An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage function in xdLocalStorage.js specifies the wildcard as the targetOrigin when calling the postMessage function on the iframe object. Therefore any domain that is currently loaded within the iframe can receive the messages...
Design/Logic Flaw
An issue was discovered in xdLocalStorage through 2.0.5. The postData function in xdLocalStoragePostMessageApi.js specifies the wildcard as the targetOrigin when calling the postMessage function on the parent object. Therefore any domain can load the application hosting the "magical iframe" and...
CVE-2020-11610
CVE-2020-11610 affects xdLocalStorage up to version 2.0.5. The root cause is in the postData() function of xdLocalStoragePostMessageApi.js, which calls postMessage() on the parent with targetOrigin set to the wildcard (*) instead of a specific origin. This allows any domain to load the applicatio...
CVE-2020-11611
An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage function in xdLocalStorage.js specifies the wildcard as the targetOrigin when calling the postMessage function on the iframe object. Therefore any domain that is currently loaded within the iframe can receive the messages...