CWE-1385: Missing Origin Validation in WebSockets
10 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE.
CVEs classified under CWE-1385
- CVE-2014-125071 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-09
  A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected is the function messageReceived of the file src/gribbit/request/HttpRequestHandler.java. The manipulation leads to missing origin validation in…
- CVE-2023-0957 | HIGH | CVSS 8.2 | EG 9.6 | 2023-03-03
  An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim's c…
- CVE-2023-26114 | HIGH | CVSS 8.2 | EG 8.2 | 2023-03-23
  Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-…
- CVE-2023-2848 | HIGH | CVSS 8.0 | EG 8.0 | 2023-09-14
  Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation.
- CVE-2023-2850 | MEDIUM | CVSS 4.7 | EG 4.7 | 2023-07-25
  NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by an attacker.
- CVE-2023-2886 | MEDIUM | CVSS 4.3 | EG 7.6 | 2023-05-25
  Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing via Application API Manipulation. This issue affects Chatbot: before Core: v4.0.3.4, Panel: v4.0.3.7.
- CVE-2023-30856 | HIGH | CVSS 8.3 | EG 8.3 | 2023-04-28
  eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control webso…
- CVE-2023-32264 | MEDIUM | CVSS 5.8 | EG 5.8 | 2024-03-08
  CWE-1385 vulnerability in OpenText Documentum D2 affecting versions 16.5.1 to CE 23.2. The vulnerability could allow uploading arbitrary code and executing it on the client's computer.
- CVE-2023-49805 | MEDIUM | CVSS 6.0 | EG 6.0 | 2023-12-11
  Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket (with Socket.io), but it does not verify that the source of communication is valid. This allows a third-party website to acces…
- CVE-2024-23168 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-08-15
  Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send malicious commands to the WebSocket API, resulting in arbitrary code execution.
Map vulnerabilities like CWE-1385 to your infrastructure
EchelonGraph correlates every CVE — across CWE-1385 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.