cvedb.io
CVE-2022-24762
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2022-03-14T23:15:08.427 · Last modified 2026-06-17T04:32:27.710

Summary

sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has been patched in sysend.js version 1.10.0. The only currently known workaround is to avoid sending communications that a user does not want to have intercepted via sysend messages.

Affected products

sysend.js_project — sysend.js

Does this affect you?

Add your gear to cvedb and we'll alert you only when sysend.js_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.