Vulmon
origin vulnerabilities and exploits
4.3
CVSSv2
CVE-2020-13944
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.
Apache Airflow
5.8
CVSSv2
CVE-2013-0794
Mozilla Firefox prior to 20.0 and SeaMonkey prior to 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote malicious users to conduct phishing attacks via a crafted web site.
Mozilla Firefox 19.0
Mozilla Firefox 19.0.1
Mozilla Firefox
Mozilla Seamonkey
Mozilla Seamonkey 2.17
Mozilla Seamonkey 2.16
Mozilla Seamonkey 2.16.2
Mozilla Seamonkey 2.15
Mozilla Seamonkey 2.15.1
Mozilla Seamonkey 2.14
Mozilla Seamonkey 2.15.2
Mozilla Seamonkey 2.0.1
Mozilla Seamonkey 2.0
Mozilla Seamonkey 2.0.6
Mozilla Seamonkey 2.0.5
Mozilla Seamonkey 2.10
Mozilla Seamonkey 2.11
Mozilla Seamonkey 2.13
Mozilla Seamonkey 2.12.1
Mozilla Seamonkey 2.0.8
Mozilla Seamonkey 2.12
Mozilla Seamonkey 2.4
6.8
CVSSv2
CVE-2016-1949
Mozilla Firefox prior to 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote malicious users to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated ...
Mozilla Firefox
4.3
CVSSv2
CVE-2017-2371
An issue exists in certain Apple products. iOS prior to 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote malicious users to launch popups via a crafted web site.
Apple Iphone Os
1 EDB exploit
5
CVSSv2
CVE-2015-7215
The importScripts function in the Web Workers API implementation in Mozilla Firefox prior to 43.0 allows remote malicious users to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to ...
Fedoraproject Fedora 23
Fedoraproject Fedora 22
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Mozilla Firefox
5
CVSSv2
CVE-2015-7207
Mozilla Firefox prior to 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote malicious users to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and perform...
Mozilla Firefox
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Fedoraproject Fedora 22
Fedoraproject Fedora 23
4.3
CVSSv2
CVE-2016-2825
Mozilla Firefox prior to 47.0 allows remote malicious users to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Opensuse Leap 42.1
Mozilla Firefox
7.5
CVSSv2
CVE-2012-4908
Google Chrome prior to 18.0.1025308 on Android allows remote malicious users to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink.
Google Chrome
1 EDB exploit
5.8
CVSSv2
CVE-2011-4968
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
F5 Nginx 0.7.61
F5 Nginx 0.7.62
F5 Nginx 0.7.64
F5 Nginx 0.7.65
F5 Nginx 0.7.66
F5 Nginx 0.8.33
F5 Nginx 0.8.35
F5 Nginx 0.8.36
F5 Nginx 0.8.40
F5 Nginx 1.2.6
Debian Debian Linux 8.0
6.8
CVSSv2
CVE-2013-0747
The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox prior to 18.0, Firefox ESR 17.x prior to 17.0.2, Thunderbird prior to 17.0.2, Thunderbird ESR 17.x prior to 17.0.2, and SeaMonkey prior to 2.15 does not properly enforce the Same Origin Policy, which...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Seamonkey
Mozilla Thunderbird
Mozilla Thunderbird Esr
Opensuse Opensuse 11.4
Opensuse Opensuse 12.1
Opensuse Opensuse 12.2
Suse Linux Enterprise Desktop 10
Suse Linux Enterprise Desktop 11
Suse Linux Enterprise Server 10
Suse Linux Enterprise Server 11
Suse Linux Enterprise Software Development Kit 10
Suse Linux Enterprise Software Development Kit 11
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10