Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Exposure of Sensitive Information to an Unauthorized Actor in sysend.js
Vulnerability Description
sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has been patched in sysend.js version 1.10.0. The only currently known workaround is to avoid sending communications that a user does not want to have intercepted via sysend messages.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
sysend.js 访问控制错误漏洞
Vulnerability Description
sysend.js是波兰Jakub T. Jankiewicz个人开发者的一个小型库。用于 Web 应用程序同步。 sysend.js 存在访问控制错误漏洞,该漏洞源于使用跨域通信的用户可能会被攻击者截获他们的通信。
CVSS Information
N/A
Vulnerability Type
N/A