Clevertap Web Sdk

2 CVEs product

CVE-2026-26862 HIGH POC PATCH This Week

CleverTap Web SDK versions 1.15.2 and earlier contain a DOM-based XSS vulnerability in the Visual Builder module due to improper origin validation of postMessage events, allowing attackers to inject malicious scripts through crafted subdomains. Public exploit code exists for this vulnerability, which affects all users of the affected SDK versions. An attacker can execute arbitrary JavaScript in the context of a victim's browser session to steal sensitive data or perform unauthorized actions.

XSS Clevertap Web Sdk
NVD GitHub
CVSS 3.1: 8.3
EPSS: 0.0%

CVE-2026-26861 HIGH POC PATCH This Week

CleverTap Web SDK through version 1.15.2 contains a cross-site scripting vulnerability in its postMessage handler that fails to properly validate message origins, allowing attackers to inject malicious scripts by exploiting subdomain bypass techniques. Public exploit code exists for this vulnerability, and affected applications can be compromised through user interaction. A patch is available to address the insufficient origin validation in the nativeDisplay.js component.

XSS Clevertap Web Sdk
NVD GitHub
CVSS 3.1: 8.3
EPSS: 0.0%