xdlocalstorage
npm4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting xdlocalstoragepage 1 of 1
- CVE-2015-9544HIGHCVSS 7.1EG 7.12020-04-07
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a mal…
- CVE-2015-9545HIGHCVSS 7.1EG 7.12020-04-07
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site ca…
- CVE-2020-11610HIGHCVSS 8.8EG 8.82020-04-07
An issue was discovered in xdLocalStorage through 2.0.5. The postData() function in xdLocalStoragePostMessageApi.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the parent object. Therefore any …
- CVE-2020-11611MEDIUMCVSS 6.1EG 6.12020-04-07
An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage() function in xdLocalStorage.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the iframe object. Therefore any domain tha…
Check whether xdlocalstorage is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for xdlocalstorage CVEs against the assets you own.
Start Free Scan →