Vulnerabilities > Origin Validation Error
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-04 | CVE-2021-32985 | Origin Validation Error vulnerability in Aveva System Platform 2020 AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid. | 6.5 |
| 2022-03-21 | CVE-2020-24772 | Origin Validation Error vulnerability in Clash Project Clash 0.11.4 In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. | 6.8 |
| 2022-03-18 | CVE-2022-22594 | Origin Validation Error vulnerability in Apple products A cross-origin issue in the IndexDB API was addressed with improved input validation. | 4.3 |
| 2022-03-14 | CVE-2022-24762 | Origin Validation Error vulnerability in Sysend.Js Project Sysend.Js sysend.js is a library that allows a user to send messages between pages that are open in the same browser. | 6.5 |
| 2022-03-03 | CVE-2022-25146 | Origin Validation Error vulnerability in Liferay Digital Experience Platform and Liferay Portal The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message. | 5.3 |
| 2022-02-20 | CVE-2021-46701 | Origin Validation Error vulnerability in Premid 2.2.0 PreMiD 2.2.0 allows unintended access via the websocket transport. | 6.4 |
| 2022-02-12 | CVE-2022-0108 | Origin Validation Error vulnerability in multiple products Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2022-02-12 | CVE-2022-0111 | Origin Validation Error vulnerability in multiple products Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page. | 6.5 |
| 2022-02-12 | CVE-2022-0113 | Origin Validation Error vulnerability in multiple products Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2022-02-12 | CVE-2022-0120 | Origin Validation Error vulnerability in multiple products Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website. | 6.5 |