Vulnerabilities > Origin Validation Error
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-03 | CVE-2018-4319 | Origin Validation Error vulnerability in Apple products A cross-origin issue existed with "iframe" elements. | 5.8 |
| 2019-03-26 | CVE-2019-9764 | Origin Validation Error vulnerability in Hashicorp Consul 1.4.3 HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. | 5.8 |
| 2019-02-28 | CVE-2018-18499 | Origin Validation Error vulnerability in Mozilla Firefox and Firefox ESR A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). | 4.3 |
| 2019-02-28 | CVE-2018-18494 | Origin Validation Error vulnerability in Mozilla Firefox and Firefox ESR A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). | 4.3 |
| 2019-02-28 | CVE-2018-12402 | Origin Validation Error vulnerability in multiple products The internal WebBrowserPersist code does not use correct origin context for a resource being saved. | 4.3 |
| 2019-02-19 | CVE-2019-5773 | Origin Validation Error vulnerability in multiple products Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. | 6.5 |
| 2019-02-17 | CVE-2019-7399 | Origin Validation Error vulnerability in Amazon Fire OS 5.3.6.3 Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages. | 5.8 |
| 2019-01-28 | CVE-2018-20745 | Origin Validation Error vulnerability in Yiiframework YII Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems. | 4.3 |
| 2019-01-28 | CVE-2018-20744 | Origin Validation Error vulnerability in GO Cors Project GO Cors The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems. | 4.3 |
| 2019-01-09 | CVE-2018-16072 | Origin Validation Error vulnerability in Google Chrome A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | 6.5 |