Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-942

CWE-942

Permissive Cross-domain Security Policy with Untrusted Domains

Parent: CWE-863 - Incorrect Authorization

The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.

97 vulnerabilities with CWE-942

CVE-2024-21382 MEDIUM

Microsoft Edge Chromium < 121.0.2277.83 - Information Disclosure via Permissive Cross-domain Security Policy

CVE-2023-37401 MEDIUM

IBM Aspera Faspex 5.0.0-5.0.13.1 - Permissive Cross-domain Security Policy with Untrusted Domains

CVE-2023-37526 MEDIUM

HCL DRYiCE Lucy - Cross-Origin Resource Sharing Misconfiguration

CVE-2023-38125 HIGH

Softing edgeAggregator < 3.50 - Authenticated Remote Code Execution via Missing Content Security Policy Headers

CVE-2023-38122 HIGH

Inductive Automation Ignition < 8.1.26 - Authenticated RCE via OPC UA Quick Client

CVE-2023-45213 MEDIUM

Westermo L206-f2g Firmware - Permissive CORS Policy

CVE-2023-50940 MEDIUM

IBM PowerSC 1.3, 2.0, 2.1 - Permissive Cross-domain Security Policy with Untrusted Domains

CVE-2023-46281 HIGH

Siemens Opcenter Quality < V2312 - Permissive Cross-domain Security Policy

CVE-2023-25603 MEDIUM

FortiADC 7.1.0-7.1.1 and FortiDDoS-F 6.3.0-6.3.4, 6.4.0-6.4.1 - Permissive Cross-domain Policy with Untrusted Domains

CVE-2023-46098 HIGH

SIMATIC PCS neo < 4.1 - Permissive Cross-domain Security Policy with Untrusted Domains

CVE-2023-36829 MEDIUM

Sentry 23.6.0-23.6.2 - Permissive Cross-domain Security Policy via Origin Header

CVE-2023-2360 HIGH

Acronis Cyber Infrastructure <5.2.0-135 - Info Disclosure

CVE-2023-23464 HIGH

Media Control Panel - Permissive Cross-domain Security Policy with Untrusted Domains

CVE-2023-23128 MEDIUM

Connectwise Control 22.8.10013.8329 - Permissive Cross-domain Security Policy with Untrusted Domains

CVE-2022-34366 MEDIUM

Dell SupportAssist < 3.11.2 Authenticated Information Disclosure via Cross-domain Whitelist

CVE-2022-47717 HIGH

Last Yard 22.09.8-1 - Permissive Cross-domain Security Policy with Untrusted Domains

CVE-2022-26969 CRITICAL

Directus < 9.7.0 - Permissive Cross-domain Security Policy with Untrusted Domains

CVE-2022-31736 CRITICAL

Firefox < 101 and Firefox ESR < 91.10 - Cross-Origin Resource Size Leak via Range Requests

CVE-2021-27786 MEDIUM

HCL OneTest Server - Permissive Cross-domain Security Policy with Untrusted Domains

CVE-2021-34435 HIGH

Eclipse Theia 0.3.9-1.8.1 - Remote Code Execution via Mini-Browser HTML Preview

CVE-2020-36851 CRITICAL

cors-anywhere - Unauthenticated Server-Side Request Forgery via Open Proxy Configuration

CVE-2019-14860 MEDIUM

Red Hat Fuse < 7.5.0 - Permissive Cross-domain Security Policy with Untrusted Domains

Previous Page 4 of 4

Details

Vulnerabilities 97

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy