Vulnerabilities > Origin Validation Error

DATE CVE VULNERABILITY TITLE RISK
2023-10-03 CVE-2023-3654 Origin Validation Error vulnerability in Cashit Cashit! 03.A06Rks2023.02.37
cashIT! - serving solutions.
network
low complexity
cashit CWE-346
critical
9.8
2023-09-14 CVE-2023-2848 Origin Validation Error vulnerability in Movim
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability.
network
low complexity
movim CWE-346
8.8
2023-08-04 CVE-2023-29505 Origin Validation Error vulnerability in Zohocorp Manageengine Network Configuration Manager 12.6
An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165.
network
low complexity
zohocorp CWE-346
8.8
2023-08-01 CVE-2023-4045 Origin Validation Error vulnerability in multiple products
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy.
network
low complexity
mozilla debian CWE-346
5.3
2023-07-26 CVE-2023-30949 Origin Validation Error vulnerability in Palantir Slate
A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks.
network
low complexity
palantir CWE-346
5.3
2023-07-25 CVE-2023-2850 Origin Validation Error vulnerability in Nodebb
NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin.
network
low complexity
nodebb CWE-346
4.7
2023-07-17 CVE-2023-3581 Origin Validation Error vulnerability in Mattermost Server
Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs.
network
high complexity
mattermost CWE-346
8.1
2023-07-13 CVE-2023-21260 Origin Validation Error vulnerability in Google Android
In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation.
local
low complexity
google CWE-346
5.5
2023-06-13 CVE-2023-2639 Origin Validation Error vulnerability in Rockwellautomation products
The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device.  This may allow a threat actor to craft a malicious website that, when visited, will send a malicious script that can connect to the local WebSocket endpoint and wait for events as if it was a valid client device.
network
low complexity
rockwellautomation CWE-346
4.7
2023-06-02 CVE-2023-23601 Origin Validation Error vulnerability in Mozilla Firefox
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks.
network
low complexity
mozilla CWE-346
6.5