The product does not properly verify that the source of data or communication is valid.
556 vulnerabilities with CWE-346
CVE-2024-32642
HIGH
MasaCMS < 7.2.8 - Account Takeover via Host Header Poisoning
CVSS 8.8
CVE-2024-14006
MEDIUM
Nagios XI < 2024R1.2.2 - Host Header Injection
CVSS 6.1
CVE-2024-13068
HIGH
LimonDesk <1.02.17 - Forceful Browsing
CVSS 7.3
CVE-2024-12973
MEDIUM
Akinsoft OctoCloud s1.09.01-v1.11.01 - HTTP Response Splitting via Origin Validation Error
CVSS 4.7
CVE-2024-31127
HIGH
Zscaler Client Connector <4.2.0.241 - Privilege Escalation
CVSS 7.3
CVE-2024-45354
MEDIUM
Xiaomi shop application 5.30.0.20241103.r1 - Remote Code Execution
CVSS 4.3
CVE-2024-45353
MEDIUM
Xiaomi quick app framework - Intent Redirection via Improper Input Validation
CVSS 4.3
CVE-2024-45352
HIGH
Xiaomi smarthome application 10.0.623 - Remote Code Execution
CVSS 8.8
CVE-2024-8487
CRITICAL
modelscope/agentscope <0.0.4 - CSRF
CVSS 9.8
CVE-2024-8183
HIGH
Prefect < 3.0.3 - Origin Validation Error in CORS Configuration
CVSS 7.6
CVE-2024-8024
HIGH
netease-youdao/qanything <1.4.1 - SSRF
CVSS 7.5
CVE-2024-7819
HIGH
danswer-ai/danswer < latest - Origin Validation Error in CORS Configuration
CVSS 7.4
CVE-2024-6844
MEDIUM
corydolphin/flask-cors 4.0.1 - Info Disclosure
CVSS 5.3
CVE-2024-11602
HIGH
feast 0.40.0 - Origin Validation Error in CORS Configuration
CVSS 7.4
CVE-2024-11045
CRITICAL
automatic1111/stable-diffusion-webui 1.10.0 - Cross-Site WebSocket Hijacking via Unvalidated WebSocket Connection
CVSS 9.6
CVE-2024-10956
HIGH
GPT Academy 3.83 - Cross-Site WebSocket Hijacking via Insufficient Origin Validation
CVSS 7.1
CVE-2024-55948
HIGH
Discourse < 3.3.2 - Cache Poisoning via Anonymous XHR Request
CVSS 8.2
CVE-2024-57965
NONE
axios < 1.7.8 - Origin Validation Error in isURLSameOrigin
CVE-2024-21245
MEDIUM
Oracle JD Edwards EnterpriseOne Tools < 9.2.9.0 - Authenticated Origin Validation Error via HTTP
CVSS 5.4
CVE-2024-55917
HIGH
Trend Micro Apex One < 14.0.14203 and < 2019.13140 - Privilege Escalation via Origin Validation Error
CVSS 7.8
CVE-2024-56170
MEDIUM
nicmx/fort-validator < 1.6.6 - Origin Validation Error via Manifest Rollback
CVSS 5.3
CVE-2024-54490
MEDIUM
macOS < 15.2 - Unprotected User Data Exposure via Keychain Access
CVSS 5.5
CVE-2024-44212
MEDIUM
Safari < 18.1 - Origin Validation Error via Cookie Management
CVSS 5.3
CVE-2024-45495
MEDIUM
MSA FieldServer Gateway <6.5.2 - SSRF
CVSS 4.3
CVE-2024-51072
MEDIUM
KIA Seltos Instrument Cluster 1.0 - Denial of Service via ECU Reset UDS Service
CVSS 5.3