CVE-2015-9545
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages.
Se detectó un problema en xdLocalStorage versiones hasta 2.0.5. La función ReceiveMessage() en el archivo xdLocalStorage.js no implementa ninguna comprobación del origen de los mensajes web. Los atacantes remotos que pueden atraer a un usuario a cargar un sitio malicioso pueden explotar este problema para afectar la confidencialidad e integridad de los datos en el almacenamiento local del sitio vulnerable por medio de mensajes web maliciosos.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-04-07 CVE Reserved
- 2020-04-07 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://github.com/ofirdagan/cross-domain-local-storage | Product |
URL | Date | SRC |
---|---|---|
https://grimhacker.com/exploiting-xdlocalstorage-localstorage-and-postmessage/#Missing-Origin-Client | 2024-08-06 |
URL | Date | SRC |
---|---|---|
https://github.com/ofirdagan/cross-domain-local-storage/issues/17 | 2020-04-08 | |
https://github.com/ofirdagan/cross-domain-local-storage/pull/19 | 2020-04-08 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cross Domain Local Storage Project Search vendor "Cross Domain Local Storage Project" | Cross Domain Local Storage Search vendor "Cross Domain Local Storage Project" for product "Cross Domain Local Storage" | <= 2.0.5 Search vendor "Cross Domain Local Storage Project" for product "Cross Domain Local Storage" and version " <= 2.0.5" | - |
Affected
|