Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-Site Scripting (XSS) via window.postMessage. The handleCustomHtmlPreviewPostMessageEvent function in src/util/campaignRender/nativeDisplay.js performs insufficient origin validation using the includes() method, which can be bypassed by an attacker using a subdomain
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CleverTap Web SDK Security Vulnerability
Vulnerability Description
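CleverTap Web SDK is an open-source developer toolkit from CleverTap. CleverTap Web SDK versions 1.15.2 and earlier contain a security vulnerability that stems from insufficient origin validation using the includes method in the handleCustomHtmlPreviewPostMessageEvent function in src/util/campaignRender/nativeDisplay.js, which may lead to cross-site scripting attacks.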
CVSS Information
N/A
Vulnerability Type
N/A
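Added example, not CleverTap's code: a substring origin check of the kind the description refers to, next to an exact-match allowlist, run over constructed origins. The allowlist, the origins, the message shape and all function names are assumptions made for illustration.

```javascript
// Assumed allowlist of full serialized origins (scheme + host + port).
const TRUSTED_ORIGINS = new Set(['https://dashboard.vendor.example']);

// Weak pattern: substring match. Any origin that merely contains the
// trusted name passes, including one that uses it as a subdomain label.
function isTrustedOriginWeak(origin) {
  return origin.includes('dashboard.vendor.example');
}

// Hardened pattern: MessageEvent.origin is already a serialized origin,
// so compare it for exact equality against the allowlist.
function isTrustedOriginStrict(origin) {
  return typeof origin === 'string' && TRUSTED_ORIGINS.has(origin);
}

// Handler shape: check origin first, then the message schema. Message
// content is only treated as data; nothing reaches an HTML sink here.
function handlePreviewMessage(event, isTrusted) {
  if (!isTrusted(event.origin)) return { accepted: false, reason: 'origin' };
  const data = event.data;
  if (typeof data !== 'object' || data === null || typeof data.type !== 'string') {
    return { accepted: false, reason: 'schema' };
  }
  return { accepted: true, type: data.type };
}

// Constructed sample origins.
const SAMPLE_ORIGINS = [
  'https://dashboard.vendor.example',            // intended sender
  'https://dashboard.vendor.example.other.test', // trusted name as a subdomain label
  'http://dashboard.vendor.example',             // same host, wrong scheme
  'null',                                        // opaque origin (e.g. sandboxed frame)
];

// Returns one row per sample origin with the verdict of each check.
function compareChecks() {
  return SAMPLE_ORIGINS.map((origin) => ({
    origin,
    weak: isTrustedOriginWeak(origin),
    strict: isTrustedOriginStrict(origin),
  }));
}

// In a browser, register the handler with the strict check.
if (typeof window !== 'undefined') {
  window.addEventListener('message', (e) => handlePreviewMessage(e, isTrustedOriginStrict));
}
```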