39 matches found
EUVD-2021-2502
Malware in sbrugna...
EUVD-2021-2595
Malware in sbrugna...
EUVD-2021-2467
Malware in sbrugna...
EUVD-2022-4615
Malicious code in bioql PyPI...
CVE-2020-11611
An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage function in xdLocalStorage.js specifies the wildcard as the targetOrigin when calling the postMessage function on the iframe object. Therefore any domain that is currently loaded within the iframe can receive the messages...
CVE-2020-11610
An issue was discovered in xdLocalStorage through 2.0.5. The postData function in xdLocalStoragePostMessageApi.js specifies the wildcard as the targetOrigin when calling the postMessage function on the parent object. Therefore any domain can load the application hosting the "magical iframe" and...
CVE-2015-9544
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the...
CVE-2015-9545
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and...
@sobotics/caching (=1.1.1) potentially affected by CVE-2020-11610 via xdlocalstorage (=2.0.5)
xdlocalstorage NPM version =2.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on xdlocalstorage and may be impacted: @sobotics/caching =1.1.1. Source CVEs: CVE-2020-11610. Source advisory: OSV:GHSA-MR5M-2385-2VCP...
xdlocalstorage does not verify request origin
An issue was discovered in xdLocalStorage through 2.0.5. The postData function in xdLocalStoragePostMessageApi.js specifies the wildcard as the targetOrigin when calling the postMessage function on the parent object. Therefore any domain can load the application hosting the "magical iframe" and...
GHSA-MR5M-2385-2VCP xdlocalstorage does not verify request origin
An issue was discovered in xdLocalStorage through 2.0.5. The postData function in xdLocalStoragePostMessageApi.js specifies the wildcard as the targetOrigin when calling the postMessage function on the parent object. Therefore any domain can load the application hosting the "magical iframe" and...
Improper Input Validation in xdLocalStorage
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and...
@sobotics/caching (=1.1.1) potentially affected by CVE-2015-9545 via xdlocalstorage (=2.0.5)
xdlocalstorage NPM version =2.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on xdlocalstorage and may be impacted: @sobotics/caching =1.1.1. Source CVEs: CVE-2015-9545. Source advisory: OSV:GHSA-76QM-4F93-FG6F...
GHSA-76QM-4F93-FG6F Improper Input Validation in xdLocalStorage
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and...
@sobotics/caching (=1.1.1) potentially affected by CVE-2020-11611 via xdlocalstorage (=2.0.5)
xdlocalstorage NPM version =2.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on xdlocalstorage and may be impacted: @sobotics/caching =1.1.1. Source CVEs: CVE-2020-11611. Source advisory: OSV:GHSA-C6C4-JMQX-3R33...
GHSA-C6C4-JMQX-3R33 Open Redirect in xdLocalStorage
An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage function in xdLocalStorage.js specifies the wildcard as the targetOrigin when calling the postMessage function on the iframe object. Therefore any domain that is currently loaded within the iframe can receive the messages...
Open Redirect in xdLocalStorage
An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage function in xdLocalStorage.js specifies the wildcard as the targetOrigin when calling the postMessage function on the iframe object. Therefore any domain that is currently loaded within the iframe can receive the messages...
@sobotics/caching (=1.1.1) potentially affected by CVE-2015-9544 via xdlocalstorage (=2.0.5)
xdlocalstorage NPM version =2.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on xdlocalstorage and may be impacted: @sobotics/caching =1.1.1. Source CVEs: CVE-2015-9544. Source advisory: OSV:GHSA-VRC7-6G8W-JH56...
Improper Input Validation in xdLocalStorage
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the...
GHSA-VRC7-6G8W-JH56 Improper Input Validation in xdLocalStorage
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the...