Cyberdigm Destiny ECM Permissive Cross-Domain Policy Vulnerability Allowing CSRF and JSON Hijacking

Vulnerability

A vulnerability exists in the local API server of the Cyberdigm Destiny ECM solution that may allow Cross-Site Request Forgery (CSRF) attacks, probabilistically enabling JSON Hijacking. The issue arises from a permissive cross-domain policy that includes untrusted domains. The vulnerability is present in several different versions of Destiny ECM, and due to product customization, version information may vary.

Impact

Exploitation of this vulnerability could lead to Cross-Site Request Forgery (CSRF) attacks, with a probabilistic chance of allowing JSON Hijacking.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 6.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.