Evernote Web Clipper Same-Origin Policy Bypass

CVE: CVE-2019-12549
Category: CWE-346
Price: Not specified
Severity: High
Author: Sergey Toshin
Risk: High
Exploitation Type: Remote
Date: 2022-12-06
Our sensors found this exploit at:

Below is a copy:

Evernote Web Clipper Same-Origin Policy Bypass
evernote: extension allows cross-origin iframe communication

I happened to notice that the Evernote Web Clipper (3,000,000+ users) allows any website to bypass the same origin policy.

If you send a message like window.postMessage({type: "EN_request", name: "EN_SerializeTo", data: { frameName: id }}), the frame DOM is collected and then posted back to the top window.

I made a quick demo exploit:

I notice the Evernote website requests that all vulnerabilities are submitted via HackerOne, but I'm unwilling to do that.

I'll send a report to the Chrome Webstore policy team instead, who can handle contacting the registered developer.

Found by: [email protected]
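To illustrate the control the report says is missing, here is an added example (not Evernote's code and not part of the report) of a content-script-style dispatcher that refuses to relay a frame's DOM to a requester whose origin differs from that frame's origin. The message names EN_request and EN_SerializeTo come from the report; the frame table, parseOrigin, sameOrigin and handleMessage are constructed for illustration.

```javascript
// Constructed stand-in for "which origin is rendered in frame X". A real
// extension would take this from its own frame registry, never from the page.
const FRAME_ORIGINS = {
  mailFrame: "https://mail.example",   // third-party content in an iframe
  ownFrame: "https://shop.example",    // a frame from the embedding page's origin
};

// Parse "scheme://host[:port]" into a tuple; returns null for anything else,
// including the opaque origin "null" that sandboxed frames report.
function parseOrigin(origin) {
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^/:]+)(?::(\d+))?$/i.exec(origin || "");
  if (!m) return null;
  const scheme = m[1].toLowerCase();
  const defaultPort = scheme === "https" ? "443" : scheme === "http" ? "80" : "";
  return { scheme, host: m[2].toLowerCase(), port: m[3] || defaultPort };
}

// Same-origin as the browser defines it: scheme, host and port all equal.
function sameOrigin(a, b) {
  const pa = parseOrigin(a), pb = parseOrigin(b);
  if (!pa || !pb) return false; // an opaque origin never matches anything
  return pa.scheme === pb.scheme && pa.host === pb.host && pa.port === pb.port;
}

// `event` mimics a MessageEvent ({origin, data}). Returns a decision object
// instead of acting, so the policy can be unit-tested without a DOM.
function handleMessage(event) {
  const d = event.data;
  if (!d || d.type !== "EN_request") return { action: "ignore" };
  if (d.name !== "EN_SerializeTo") return { action: "deny", reason: "unsupported request" };
  const frameName = d.data && d.data.frameName;
  const target = FRAME_ORIGINS[frameName];
  if (!target) return { action: "deny", reason: "unknown frame" };
  // The missing check in the reported bug: a page may only receive a
  // serialized copy of a frame whose origin is its own.
  if (!sameOrigin(event.origin, target)) {
    return { action: "deny", reason: "cross-origin requester" };
  }
  return { action: "serialize", frame: frameName };
}
```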

Copyright ©2024 Exploitalert.
