CWE-942

Permissive Cross-domain Security Policy with Untrusted Domains

Parent: CWE-863 - Incorrect Authorization

The product uses a web-client protection mechanism such as a Content Security Policy (CSP), a CORS (Cross-Origin Resource Sharing) response policy, or a cross-domain policy file (Flash crossdomain.xml, Silverlight clientaccesspolicy.xml), but the policy includes untrusted domains with which the web client is allowed to communicate. In the CORS case, which most entries below are, this typically means Access-Control-Allow-Origin is set from the request's Origin header, to a wildcard, or from a loose prefix or suffix match, so a page on an attacker-controlled origin can issue credentialed cross-origin requests to the product and read the responses returned for the victim's session.
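The following is an added example and is not code from the CWE entry or from any product listed on this page. It shows the weak CORS policy CWE-942 describes (reflecting the request's Origin with credentials enabled, and the prefix/suffix "validation" variant) beside an exact-match allowlist, plus the classification a tester applies to response headers. The origins, allowlist, and function names are assumptions made for illustration; it runs offline under Node.js.

```javascript
// Added example, not code from the CWE entry or from any product listed on
// this page. Origins, function names and the allowlist below are assumptions
// made for illustration; everything runs offline under Node.js.

// Assumed first-party origins the API should trust.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Weak policy (the CWE-942 pattern): echo whatever Origin the browser sent
// and allow credentials. Any page the victim visits can then issue
// fetch(apiUrl, { credentials: "include" }) and read the authenticated
// response body.
function permissiveCorsHeaders(origin) {
  if (!origin) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    Vary: "Origin",
  };
}

// Second weak pattern: string tests that look like validation but are not.
// "https://app.example.com.evil.example" passes the prefix test and
// "https://evilexample.com" passes the suffix test.
function sloppyIsAllowed(origin) {
  return origin.startsWith("https://app.example.com") ||
         origin.endsWith("example.com");
}

// Wrap the sloppy check in a policy so it can be probed like the others.
function sloppyCorsHeaders(origin) {
  return sloppyIsAllowed(origin) ? permissiveCorsHeaders(origin) : {};
}

// Hardened policy: exact, case-sensitive match against a closed allowlist.
// Any other origin (including the literal "null" sent by sandboxed iframes)
// gets no CORS headers at all, so the browser refuses the cross-origin read.
function strictCorsHeaders(origin, allowlist = ALLOWED_ORIGINS) {
  if (typeof origin !== "string" || !allowlist.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    Vary: "Origin",
  };
}

// Tester's check. Send a request with an Origin you control and classify
// the response headers:
//   reflected-with-credentials -> exploitable: attacker site reads the data
//   wildcard-with-credentials  -> browsers reject the combination, but the
//                                 policy is still over-broad
//   wildcard / reflected       -> readable cross-origin; a finding if the
//                                 endpoint returns anything sensitive
//   fixed-origin / no-cors     -> not exploitable from that origin
function classifyCors(sentOrigin, headers) {
  const acao = headers["Access-Control-Allow-Origin"];
  const creds = headers["Access-Control-Allow-Credentials"] === "true";
  if (acao === undefined) return "no-cors";
  if (acao === "*") return creds ? "wildcard-with-credentials" : "wildcard";
  if (acao === sentOrigin) return creds ? "reflected-with-credentials" : "reflected";
  return "fixed-origin";
}

// Constructed attacker-controlled origins covering the usual bypasses.
const ATTACKER_ORIGINS = [
  "https://evil.example",                 // arbitrary third party
  "https://app.example.com.evil.example", // defeats prefix checks
  "https://evilexample.com",              // defeats suffix checks
  "null",                                 // sandboxed iframe / data: URL
];

// Run every attacker origin through a policy function and collect verdicts.
function probe(policyFn) {
  const verdicts = {};
  for (const origin of ATTACKER_ORIGINS) {
    verdicts[origin] = classifyCors(origin, policyFn(origin));
  }
  return verdicts;
}

console.log("permissive:", probe(permissiveCorsHeaders));
console.log("sloppy:    ", probe(sloppyCorsHeaders));
console.log("strict:    ", probe(strictCorsHeaders));
```

The permissive policy reflects all four attacker origins with credentials; the sloppy check blocks the unrelated origin but still reflects the prefix and suffix bypasses; the strict allowlist returns no CORS headers for any of them while still serving the assumed first-party origins. When testing a real endpoint, send the same set of Origin values and run the response headers through classifyCors; only an origin you control should be used for the reflection test, since reflecting a legitimately allowlisted origin is correct behaviour.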

84 vulnerabilities with CWE-942 (25 listed here; format: CVE (severity, CVSS): product and affected versions - issue)

CVE-2024-22348 (MEDIUM, CVSS 5.3): IBM DevOps Velocity 5.0.0, IBM UrbanCode Velocity 4.0.0-4.0.25 - SSRF
CVE-2024-53276 (MEDIUM, CVSS not listed): Home-Gallery.org <1.15.0 - CSRF
CVE-2024-49763 (HIGH, CVSS not listed): PlexRipper <0.24.0 - SSRF
CVE-2024-45642 (MEDIUM, CVSS 5.3): IBM Security QRadar EDR <3.12.12 - Permissive CORS Policy
CVE-2024-10315 (MEDIUM, CVSS not listed): Gliffy Online <4.14.0-6 - Info Disclosure
CVE-2024-6449 (MEDIUM, CVSS 6.5): HyperView Geoportal Toolkit <8.5.0 - SSRF
CVE-2024-41657 (HIGH, CVSS 8.1): Casbin Casdoor - Permissive CORS Policy
CVE-2024-41659 (HIGH, CVSS 8.1): Memos <0.21.0 - Permissive CORS Policy
CVE-2024-32862 (MEDIUM, CVSS 6.8): Johnson Controls exacqVision Web Service - Permissive CORS Policy
CVE-2024-37131 (HIGH, CVSS 7.5): Dell Policy Manager For Secure Connec... - Permissive CORS Policy
CVE-2024-23823 (MEDIUM, CVSS 4.2): Vantage6 <4.2.1 - Incorrect Authorization
CVE-2024-25124 (CRITICAL, CVSS 9.4): Fiber <2.52.1 - CORS-related vulnerability
CVE-2024-21382 (MEDIUM, CVSS 4.3): Microsoft Edge (Chromium-based) <121.0.2277.83 - Permissive CORS Policy
CVE-2023-37401 (MEDIUM, CVSS 5.3): IBM Aspera Faspex <5.0.14 - Permissive CORS Policy
CVE-2023-37526 (MEDIUM, CVSS 6.5): HCL DRYiCE Lucy (AEX) - XSS
CVE-2023-38125 (HIGH, CVSS 8.8): Softing edgeAggregator <3.50 - Permissive CORS Policy
CVE-2023-38122 (HIGH, CVSS 7.2): Inductive Automation Ignition <8.1.26 - Permissive CORS Policy
CVE-2023-45213 (MEDIUM, CVSS 6.6): Westermo L206-F2G Firmware - Permissive CORS Policy
CVE-2023-50940 (MEDIUM, CVSS 5.3): IBM PowerSC - Permissive CORS Policy
CVE-2023-46281 (HIGH, CVSS 7.1): Siemens Opcenter Quality <4.1 - Permissive CORS Policy
CVE-2023-25603 (MEDIUM, CVSS 5.4): Fortinet FortiADC <6.3.4 - Permissive CORS Policy
CVE-2023-46098 (HIGH, CVSS 8.0): SIMATIC PCS neo <V4.1 - SSRF
CVE-2023-36829 (MEDIUM, CVSS 6.8): Sentry <23.6.2 - Open Redirect
CVE-2023-2360 (HIGH, CVSS 7.5): Acronis Cyber Infrastructure <5.2.0-135 - Info Disclosure
CVE-2023-23464 (HIGH, CVSS 8.1): MediaCP Media Control Panel - Permissive CORS Policy