Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
origin vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2007-3670
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote malicious users to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) F...
Microsoft Internet Explorer 6
Microsoft Internet Explorer 7.0
Mozilla Firefox
1 EDB exploit
7.5
CVSSv2
CVE-2008-3835
The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox prior to 2.0.0.17, Thunderbird prior to 2.0.0.17, and SeaMonkey prior to 1.1.12 allows remote malicious users to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.
Mozilla Firefox 0.9.1
Mozilla Firefox 0.9
Mozilla Firefox 1.0
Mozilla Firefox 1.0.3
Mozilla Firefox 1.5.0.4
Mozilla Firefox 1.5.0.5
Mozilla Firefox 1.5.0.6
Mozilla Firefox 1.5.7
Mozilla Firefox 1.5.0.8
Mozilla Firefox 1.5.0.9
Mozilla Firefox 1.5
Mozilla Firefox 2.0.0.10
Mozilla Firefox 2.0.0.13
Mozilla Seamonkey 1.0.8
Mozilla Seamonkey 1.0.7
Mozilla Seamonkey 1.0.2
Mozilla Seamonkey 1.0.9
Mozilla Seamonkey 1.1.10
Mozilla Seamonkey
Mozilla Thunderbird 2.0.0.1
Mozilla Firefox 0.8
Mozilla Firefox 0.10.1
4.3
CVSSv2
CVE-2010-1213
The importScripts Web Worker method in Mozilla Firefox 3.5.x prior to 3.5.11 and 3.6.x prior to 3.6.7, Thunderbird 3.0.x prior to 3.0.6 and 3.1.x prior to 3.1.1, and SeaMonkey prior to 2.0.6 does not verify that content is valid JavaScript code, which allows remote malicious user...
Mozilla Firefox 3.5.7
Mozilla Firefox 3.5.9
Mozilla Firefox 3.6
Mozilla Firefox 3.5.5
Mozilla Firefox 3.5.6
Mozilla Firefox 3.6.4
Mozilla Firefox 3.6.6
Mozilla Firefox 3.5.1
Mozilla Firefox 3.5.2
Mozilla Firefox 3.5.10
Mozilla Firefox 3.6.1
Mozilla Firefox 3.5.3
Mozilla Firefox 3.5.4
Mozilla Firefox 3.6.2
Mozilla Firefox 3.6.3
Mozilla Thunderbird 3.1
Mozilla Thunderbird 3.0
Mozilla Thunderbird 3.0.1
Mozilla Thunderbird 3.0.2
Mozilla Thunderbird 3.0.3
Mozilla Thunderbird 3.0.4
Mozilla Thunderbird 3.0.5
4.3
CVSSv2
CVE-2021-23986
A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extensio...
Mozilla Firefox
6.8
CVSSv2
CVE-2016-9078
Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting ...
Mozilla Firefox 49.0
Mozilla Firefox 50.0
4.3
CVSSv2
CVE-2018-16072
A missing origin check related to HLS manifests in Blink in Google Chrome before 69.0.3497.81 allowed a remote malicious user to bypass same origin policy via a crafted HTML page.
Google Chrome
7.5
CVSSv2
CVE-2020-26527
An issue exists in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource sharing trusts random origins by accepting the arbitrary 'Origin: example.com' header and responding with 200 OK and a wildcard 'Access-Control-Allow-Origin: *' header.
Damstratechnology Smart Asset 2020.7
1 Github repository
NA
CVE-2017-20146
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.
Gorillatoolkit Handlers
5
CVSSv2
CVE-2015-5236
It exists that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass...
Icedtea-web Project Icedtea-web -
6.8
CVSSv2
CVE-2020-5742
Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests.
Plex Media Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002
CVE-2006-4304
CVE-2024-4336
CVE-2024-33437
CVE-2024-4340
CVE-2024-27956
privilege
insecure direct object reference
XSS
item search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »