Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in xdLocalStorage through 2.0.5. The postData() function in xdLocalStoragePostMessageApi.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the parent object. Therefore any domain can load the application hosting the "magical iframe" and receive the messages that the "magical iframe" sends.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
xdLocalStorage 输入验证错误漏洞
Vulnerability Description
xdLocalStorage是一款支持跨域数据存储的轻量级JavaScript库。 xdLocalStorage 2.0.5及之前版本中的xdLocalStoragePostMessageApi.js的‘postData()’函数存在输入验证错误漏洞。攻击者可利用该漏洞获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A