Security Advisory

CVE-2020-11611

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-04-07 17:18:54
Last updated 2024-08-04 11:35:13
Assigner mitre
State PUBLISHED

Description

An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage() function in xdLocalStorage.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the iframe object. Therefore any domain that is currently loaded within the iframe can receive the messages that the client sends.