SecuritySpace - CVE-2018-6654

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2018-6654

Description: The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: "user"' request to iframe.gr_-ifr, because the exposure of these tokens is not restricted to any specific web site.

Test IDs: 1.3.6.1.4.1.25623.1.0.812696 1.3.6.1.4.1.25623.1.0.812698 1.3.6.1.4.1.25623.1.0.812697

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2018-6654
https://bugs.chromium.org/p/project-zero/issues/detail?id=1527

CVE ID:	CVE-2018-6654
Description:	The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: "user"' request to iframe.gr_-ifr, because the exposure of these tokens is not restricted to any specific web site.
Test IDs:	1.3.6.1.4.1.25623.1.0.812696 1.3.6.1.4.1.25623.1.0.812698 1.3.6.1.4.1.25623.1.0.812697
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2018-6654 https://bugs.chromium.org/p/project-zero/issues/detail?id=1527