Last Modified: July 3, 2023
sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has been patched in sysend.js version 1.10.0. The only currently known workaround is to avoid sending communications that a user does not want to have intercepted via sysend messages.
Tweets last week: 0
Remaining steady
Yahoo results: 0
Remaining steady
Current EPSS Score: 0.00106
Remaining steady
Reddit Posts: 1
Remaining steady
Github Repos: 0
Remaining steady
Found exploits:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Base Score: 6.5
Exploitability Score: 2.8
Impact Score: 3.6
CVSS V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
Base Score: 4.3
Exploitability Score: 8.6
Impact Score: 2.9
CVSS V2: AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-346
Condition | Configuration | |
---|---|---|
OR | ||
OR | ||
cpe:2.3:a:sysend.js_project:sysend.js:*:*:*:*:*:node.js:*:* Part: a Vendor: sysend.js_project | All vulnerabilities for sysend.js_project |
CWE-ID: CWE-200
<?xml version="1.0" ?> <set operator="and"> <set operator="or"> <prop key="application" value="cpe:2.3:a:sysend.js_project:sysend.js:*:*:*:*:*:node.js:*:*"/> </set> <prop key="program_influence" value="input"/> <prop key="range" value="remote"/> </set>
<?xml version="1.0" ?> <set operator="and"> <set operator="or"> <prop key="application" value="cpe:2.3:a:sysend.js_project:sysend.js:*:*:*:*:*:node.js:*:*"/> </set> <prop key="program_influence" value="input"/> <prop key="data" value="any"/> <prop key="data_influence" value="read"/> <prop key="range" value="remote"/> </set>