CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Med. | Magento WooCommerce CardGate Payment Gateway 2.0.30 Payment Process Bypass | 25.02.2020 | GeekHack |
| Low | Parity Browser < 1.6.10 Bypass Same Origin Policy | 12.01.2018 | tintinweb |
| Med. | Solarwinds LEM Insecure Update Process | 26.09.2017 | Hank Leininger |


CVEMAP Search Results

| CVE | Details | Description |
|---|---|---|
| 2020-06-19, Medium, CVE-2020-14456 | Vendor: Mattermost; Software: Mattermost d... | An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006. |
| 2020-05-22, Low, CVE-2020-12397 | Vendor: Mozilla; Software: Thunderbird | By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0. |
| 2020-03-24, Medium, CVE-2020-8984 | Vendor: ZEND; Software: Zendto | lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header. |
| 2020-01-23, Medium, CVE-2019-16517 | Vendor: Connectwise; Software: Control | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative actions, without the victim's knowledge. |
| 2020-01-08, Medium, CVE-2019-11762 | Vendor: Mozilla; Software: Firefox | If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. |
| 2019-12-05, Medium, CVE-2019-18381 | Vendor: Norton; Software: Password manager | Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. |
| Medium, CVE-2019-19545 | Vendor: Norton; Software: Password manager | Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. |
| 2019-09-27, Medium, CVE-2019-8075 | Vendor: Adobe; Software: Flash player | Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. |
| 2019-09-12, High, CVE-2019-8069 | Vendor: Adobe; Software: Flash player | Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. |
| 2019-07-23, Medium, CVE-2019-9817 | Vendor: Mozilla; Software: Firefox | Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. |
 

 


Copyright 2020, cxsecurity.com

 
