Cross Domain Local Storage@* Security Vulnerabilities and Issues — Cross Domain Local Storage@* CVE List

Lucene search

Cross Domain Local Storage ProjectCross Domain Local Storage*

4 matches found

CVE•added 2020/04/07 6:15 p.m.•45 views

CVE-2020-11610

An issue was discovered in xdLocalStorage through 2.0.5. The postData() function in xdLocalStoragePostMessageApi.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the parent object. Therefore any domain can load the application hosting the "magical iframe"...

8.8CVSS8.6AI score0.00179EPSS

CVE•added 2020/04/07 6:15 p.m.•37 views

CVE-2015-9544

An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentia...

7.1CVSS6.8AI score0.00449EPSS

CVE•added 2020/04/07 6:15 p.m.•35 views

CVE-2015-9545

An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integ...

7.1CVSS6.8AI score0.00449EPSS

CVE•added 2020/04/07 6:15 p.m.•33 views

CVE-2020-11611

An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage() function in xdLocalStorage.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the iframe object. Therefore any domain that is currently loaded within the iframe can receive the mess...

6.1CVSS6.2AI score0.00149EPSS