CVE-2018-6654
HIGHGrammarly - Unauthenticated Authentication Token Exposure via iframe.gr_-ifr Request
Title source: llmDescription
The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: "user"' request to iframe.gr_-ifr, because the exposure of these tokens is not restricted to any specific web site.
References (1)
Core 1
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://bugs.chromium.org/p/project-zero/issues/detail?id=1527
Scores
CVSS v3
8.8
EPSS
0.0052
EPSS Percentile
39.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-346
Status
published
Products (1)
grammarly/grammarly
2018-02-02
Published
Feb 06, 2018
Tracked Since
Feb 18, 2026