CVE-2026-2345

{"id": "CVE-2026-2345", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "7004884b-51e2-48e8-b4a2-5ca29e80453e", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.6, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.0}]}, "published": "2026-02-11T15:16:18.160", "references": [{"url": "https://www.hckrt.com/hacktivity/46b61f36-b685-4667-aebf-82a67ad69ad6", "source": "7004884b-51e2-48e8-b4a2-5ca29e80453e"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "7004884b-51e2-48e8-b4a2-5ca29e80453e", "description": [{"lang": "en", "value": "CWE-346"}]}], "descriptions": [{"lang": "en", "value": "Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on the presence of a fromWebsite property without verifying the event.origin attribute."}, {"lang": "es", "value": "La extensi\u00f3n de Chrome de Proctorio es una extensi\u00f3n de navegador utilizada para la supervisi\u00f3n en l\u00ednea. La extensi\u00f3n contiene m\u00faltiples manejadores window.addEventListener('message', ...) que no validan correctamente el origen de los mensajes entrantes. Espec\u00edficamente, un puente de mensajer\u00eda interno procesa los mensajes bas\u00e1ndose \u00fanicamente en la presencia de una propiedad fromWebsite sin verificar el atributo event.origin."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "7004884b-51e2-48e8-b4a2-5ca29e80453e"}