Описание
The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: "user"' request to iframe.gr_-ifr, because the exposure of these tokens is not restricted to any specific web site.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:grammarly:grammarly:2018-02-02:*:*:*:*:chrome:*:*
EPSS
Процентиль: 30%
0.00114
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-346
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: "user"' request to iframe.gr_-ifr, because the exposure of these tokens is not restricted to any specific web site.
EPSS
Процентиль: 30%
0.00114
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-346