Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insufficient Origin Validation in Proctorio Chrome Extension postMessage Handlers
Vulnerability Description
Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on the presence of a fromWebsite property without verifying the event.origin attribute.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
源验证错误
Vulnerability Title
Proctorio Secure Exam Proctor Extension 安全漏洞
Vulnerability Description
Proctorio Secure Exam Proctor Extension是Proctorio公司的一个在线监考插件。 Proctorio Secure Exam Proctor Extension存在安全漏洞,该漏洞源于消息处理程序未正确验证消息来源,可能导致处理恶意消息。
CVSS Information
N/A
Vulnerability Type
N/A