CVE-2022-24762 — MEDIUM (6.5)

Q: How severe is CVE-2022-24762?

CVE-2022-24762 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-24762?

Check the references section above for vendor advisories and patch information. Affected products include: Sysend.Js Project Sysend.Js.

Vulnerability Description

sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has been patched in sysend.js version 1.10.0. The only currently known workaround is to avoid sending communications that a user does not want to have intercepted via sysend messages.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Sysend.Js Project	Sysend.Js	< 1.10.0

Related Weaknesses (CWE)

CWE-346 CWE-200

References

https://github.com/jcubic/sysend.js/commit/a24f4b776fb18191ae0f7e3d90c2c7bec4594PatchThird Party Advisory
https://github.com/jcubic/sysend.js/issues/33ExploitIssue TrackingThird Party Advisory
https://github.com/jcubic/sysend.js/releases/tag/1.10.0Release NotesThird Party Advisory
https://github.com/jcubic/sysend.js/security/advisories/GHSA-4vvg-x86p-mvqcThird Party Advisory
https://github.com/jcubic/sysend.js/commit/a24f4b776fb18191ae0f7e3d90c2c7bec4594PatchThird Party Advisory
https://github.com/jcubic/sysend.js/issues/33ExploitIssue TrackingThird Party Advisory
https://github.com/jcubic/sysend.js/releases/tag/1.10.0Release NotesThird Party Advisory
https://github.com/jcubic/sysend.js/security/advisories/GHSA-4vvg-x86p-mvqcThird Party Advisory

FAQ

What is CVE-2022-24762?

CVE-2022-24762 is a vulnerability with a CVSS score of 6.5 (MEDIUM). sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact ...

How severe is CVE-2022-24762?

CVE-2022-24762 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-24762?

Check the references section above for vendor advisories and patch information. Affected products include: Sysend.Js Project Sysend.Js.