exploitDog

GHSA-6p7q-r2p3-gx4g

Published: 30 Apr 2022
Source: github
Github: Not reviewed

Description

The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.

EPSS

Percentile: 80%
0.01433
Low

Related vulnerabilities

nvd
almost 23 years ago

The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.

debian
almost 23 years ago

The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netsc ...
