Skip to content

Public Vulnerability Disclosures

CVE Assigned:

CVE-2015-9544: xdLocalStorage magic iframe missing origin validation when receiving messages

CVE-2015-9545: xdLocalStorage client missing origin validation when receiving messages

CVE-2020-11610: xdLocalStorage magic iframe uses wildcard targetOrigin when sending messages

CVE-2020-11611: xdLocalStorage client uses wildcard targetOrigin when sending messages

No CVE Assigned/Requested

Office365 ActiveSync Username Enumeration