CWE-346 on ZAP /alerttags/cwe-346/ Recent content in CWE-346 on ZAP Hugo en-us Avoid permissive regex origin checks /docs/alerts/220008-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220008-4/ <p>Detects unsafe postMessage usage and message event handling issues (missing origin validation, wildcard targetOrigin, tainted data flowing into DOM/code sinks).</p> <p>Generated by OWASP PTK SAST Module</p> Avoid postMessage with wildcard targetOrigin /docs/alerts/220008-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220008-1/ <p>Detects unsafe postMessage usage and message event handling issues (missing origin validation, wildcard targetOrigin, tainted data flowing into DOM/code sinks).</p> <p>Generated by OWASP PTK SAST Module</p> Avoid weak origin substring checks /docs/alerts/220008-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220008-3/ <p>Detects unsafe postMessage usage and message event handling issues (missing origin validation, wildcard targetOrigin, tainted data flowing into DOM/code sinks).</p> <p>Generated by OWASP PTK SAST Module</p> Cross-Site WebSocket Hijacking /docs/alerts/100025/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100025/ <p>Server accepted WebSocket connection through HTTP Upgrade request with modified Origin header.</p> Message handler without origin validation /docs/alerts/220008-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220008-7/ <p>Detects unsafe postMessage usage and message event handling issues (missing origin validation, wildcard targetOrigin, tainted data flowing into DOM/code sinks).</p> <p>Generated by OWASP PTK SAST Module</p> Origin check uses host fragment only /docs/alerts/220008-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220008-5/ <p>Detects unsafe postMessage usage and message event handling issues (missing origin validation, wildcard targetOrigin, tainted data flowing into DOM/code sinks).</p> <p>Generated by OWASP PTK SAST Module</p> Review message event listeners /docs/alerts/220008-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220008-6/ <p>Detects unsafe postMessage usage and message event handling issues (missing origin validation, wildcard targetOrigin, tainted data flowing into DOM/code sinks).</p> <p>Generated by OWASP PTK SAST Module</p> Specify postMessage targetOrigin /docs/alerts/220008-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220008-2/ <p>Detects unsafe postMessage usage and message event handling issues (missing origin validation, wildcard targetOrigin, tainted data flowing into DOM/code sinks).</p> <p>Generated by OWASP PTK SAST Module</p> Web Message Injection (taint flow) /docs/alerts/220008-9/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220008-9/ <p>Detects unsafe postMessage usage and message event handling issues (missing origin validation, wildcard targetOrigin, tainted data flowing into DOM/code sinks).</p> <p>Generated by OWASP PTK SAST Module</p> Wildcard reply from message handler /docs/alerts/220008-8/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220008-8/ <p>Detects unsafe postMessage usage and message event handling issues (missing origin validation, wildcard targetOrigin, tainted data flowing into DOM/code sinks).</p> <p>Generated by OWASP PTK SAST Module</p>