Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-01-11T16:00:00
Updated: 2024-08-05T21:06:50.142Z
Reserved: 2018-01-02T00:00:00
Link: CVE-2017-18016
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-01-11T16:29:01.487
Modified: 2024-11-21T03:19:10.273
Link: CVE-2017-18016
Redhat
No data.