Vulnerabilities

CVE-2019-11354

by Fred · 19/04/2019

The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an URL for QtApplication QDesktopServices communication.

Date published : 2019-04-19

http://gamasutra.com/view/news/340907/A_nowfixed_Origin_vulnerability_potentially_opened_the_client_to_hackers.php

http://packetstormsecurity.com/files/153375/dotProject-2.1.9-SQL-Injection.html

Similar

Tags: Cybersecurity Alert