Back

Same-origin policy vulnerability in Bitdefender Safepay

Publication date: April 12th, 2021

CVE ID:

CVE-2020-15734

CVSS scrore:

5.5 - http://cvssjs.github.io/#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected vendors:

Bitdefender

Affected products:

Bitdefender Safepay

Vulnerability details:

An Origin Validation Error vulnerability in Bitdefender Safepay allows an attacker to manipulate the browser’s file upload capability into accessing other files in the same directory or sub-directories

Additional details:

An automatic update to version 25.0.7.29 fixes the issue.

Credit:

Narendra Bhati