Lucene search
K
Cross Domain Local Storage ProjectCross Domain Local Storage

4 matches found

CVE
CVE
added 2020/04/07 5:19 p.m.64 views

CVE-2020-11610

CVE-2020-11610 affects xdLocalStorage up to version 2.0.5. The root cause is in the postData() function of xdLocalStoragePostMessageApi.js, which calls postMessage() on the parent with targetOrigin set to the wildcard (*) instead of a specific origin. This allows any domain to load the applicatio...

8.8CVSS8.6AI score0.0141EPSS
CVE
CVE
added 2020/04/07 5:18 p.m.50 views

CVE-2015-9545

The CVE-2015-9545 issue affects xdLocalStorage up to version 2.0.5, where receiveMessage() in xdLocalStorage.js does not validate the origin of web messages. This missing origin validation can allow remote attackers to entice a user to load a malicious site and exploit web messages to affect the ...

7.1CVSS6.8AI score0.01327EPSS
CVE
CVE
added 2020/04/07 5:19 p.m.47 views

CVE-2015-9544

CVE-2015-9544 affects xdLocalStorage up to version 2.0.5. The postMessage API (xdLocalStoragePostMessageApi.js) does not validate the origin of received web messages, enabling remote attackers who lure a user to a malicious site to read/alter data in local storage of the vulnerable site. Impact s...

7.1CVSS6.8AI score0.01327EPSS
CVE
CVE
added 2020/04/07 5:18 p.m.45 views

CVE-2020-11611

CVE-2020-11611 affects xdLocalStorage up to version 2.0.5. The issue is in buildMessage() in xdLocalStorage.js, which uses wildcard (*) as targetOrigin when postMessage() is called on the iframe. This allows any domain loaded in the iframe to receive the messages, enabling cross-domain disclosure...

6.1CVSS6.2AI score0.00936EPSS