← Back

Cross Domain Local Storage Project

cross_domain_local_storage_project

4 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Cross Domain Local Storage
cross_domain_local_storage
4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-11611
1Cross Domain Local Storage Project
1Cross Domain Local Storage
Nov 21, 2024
Apr 7, 2020
N/A· v4
6.1 MEDIUM· v3
5.8 MEDIUM· v2
An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage() function in xdLocalStorage.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the iframe object. There...Show more
An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage() function in xdLocalStorage.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the iframe object. Therefore any domain that is currently loaded within the iframe can receive the messages that the client sends.Show less
CVE-2020-11610
1Cross Domain Local Storage Project
1Cross Domain Local Storage
Nov 21, 2024
Apr 7, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in xdLocalStorage through 2.0.5. The postData() function in xdLocalStoragePostMessageApi.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the parent obj...Show more
An issue was discovered in xdLocalStorage through 2.0.5. The postData() function in xdLocalStoragePostMessageApi.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the parent object. Therefore any domain can load the application hosting the "magical iframe" and receive the messages that the "magical iframe" sends.Show less
CVE-2015-9545
1Cross Domain Local Storage Project
1Cross Domain Local Storage
Nov 21, 2024
Apr 7, 2020
N/A· v4
7.1 HIGH· v3
5.8 MEDIUM· v2
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load...Show more
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages.Show less
CVE-2015-9544
1Cross Domain Local Storage Project
1Cross Domain Local Storage
Nov 21, 2024
Apr 7, 2020
N/A· v4
7.1 HIGH· v3
5.8 MEDIUM· v2
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a...Show more
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages.Show less