CWE-346

Origin Validation Error

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product does not properly verify that the source of data or communication is valid.

556 vulnerabilities with CWE-346
CVE-2022-3457 CRITICAL
rdiffweb < 2.5.0a5 - Origin Validation Error
CVSS 9.8
CVE-2022-41749 HIGH
Trend Micro Apex One - Privilege Escalation
CVSS 7.8
CVE-2022-41294 MEDIUM
IBM Robotic Process Automation <21.0.5 - SSRF
CVSS 6.5
CVE-2022-22637 HIGH
Safari < 15.4 - Origin Validation Error
CVSS 8.8
CVE-2022-40140 MEDIUM
Trend Micro Apex One - Denial of Service via Origin Validation Error
CVSS 5.5
CVE-2022-23764 HIGH
teruten webcube 1.0.5.5-1.1.9.9 - Remote Code Execution via Insufficient Update File Verification
CVSS 8.8
CVE-2022-1497 MEDIUM
Google Chrome < 101.0.4951.41 - Origin Validation Error via Crafted HTML Page
CVSS 6.5
CVE-2022-31151 LOW
undici < 5.7.1 - Cookie Header Leakage on Cross-Origin Redirect
CVSS 3.7
CVE-2022-26137 HIGH
Atlassian Bamboo < 8.0.9, 8.1.0-8.1.8, 8.2.0-8.2.4 - Unauthenticated CORS Bypass via Servlet Filter Invocation
CVSS 8.8
CVE-2022-23763 HIGH
NeoRS < 2021.3.10.1 - Origin Validation Error in ActiveX Module
CVSS 7.8
CVE-2022-1747 MEDIUM
Dominion Voting Systems ImageCast X - Unauthenticated Ballot Printing via Authentication Forgery
CVSS 4.6
CVE-2022-30228 HIGH
SICAM GridEdge Essential < 2.6.6 - Origin Validation Error
CVSS 8.8
CVE-2022-31024 MEDIUM
NextCloud Collabra <6.0.0, <5.0.4, <4.2.6 - Info Disclosure
CVSS 6.5
CVE-2022-25227 HIGH
Thinfinity VNC 4.0.0.1 - Origin Validation Error
CVSS 8.8
CVE-2022-29818 LOW
JetBrains IntelliJ IDEA < 2022.1 - Origin Validation Error in Internal Web Server
CVSS 3.9
CVE-2022-22594 MEDIUM
Safari < 15.3 - Cross-Origin Data Leak via IndexedDB API
CVSS 6.5
CVE-2022-24762 MEDIUM
sysend.js < 1.10.0 - Origin Validation Error
CVSS 6.5
CVE-2022-25146 MEDIUM
Liferay Portal 7.4.3.4-7.4.3.8 and DXP < 7.4.13.u5 - CSRF Token Exfiltration via Remote App Event Message
CVSS 5.3
CVE-2022-0120 MEDIUM
Google Chrome < 97.0.4692.71 - Origin Validation Error via Password Manager
CVSS 6.5
CVE-2022-0113 MEDIUM
Google Chrome <97.0.4692.71 - Info Disclosure
CVSS 6.5
CVE-2022-0111 MEDIUM
Google Chrome < 97.0.4692.71 - Origin Validation Error via Crafted HTML Page
CVSS 6.5
CVE-2022-0108 MEDIUM
Google Chrome <97.0.4692.71 - Info Disclosure
CVSS 6.5
CVE-2022-21712 HIGH
Twisted 11.1.0-22.1.0 - Origin Validation Error in RedirectAgent
CVSS 7.5
CVE-2022-23032 MEDIUM
F5 BIG-IP APM <11.6.5 & Client <7.1.9 DNS Rebinding via Proxy
CVSS 5.3
CVE-2021-47157 CRITICAL
Kossy < 0.60 - JSON Hijacking via X-Requested-With Header Mishandling
CVSS 9.8
Details
Vulnerabilities 556
Links
MITRE CWE Entry Search this CWE With Exploits