QwikSec

Security Database

CVE

CWE

Training

CVE-2022-24762

Published: Mar 14, 2022

Modified: Sep 18, 2024

PUBLISHED

CVSS v3.1

6.5

MEDIUM

Description

sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has been patched in sysend.js version 1.10.0. The only currently known workaround is to avoid sending communications that a user does not want to have intercepted via sysend messages.

Vendor	Product	Versions
jcubic	sysend.js	affected `< 1.10.0`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

References

https://github.com/jcubic/sysend.js/security/advisories/GHSA-4vvg-x86p-mvqc

x_refsource_CONFIRM

https://github.com/jcubic/sysend.js/issues/33

x_refsource_MISC

https://github.com/jcubic/sysend.js/commit/a24f4b776fb18191ae0f7e3d90c2c7bec459431a

x_refsource_MISC

https://github.com/jcubic/sysend.js/releases/tag/1.10.0

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.