Description

Chrome Logger is a Google Chrome extension for debugging server side applications in the Chrome console. When enabled, the server side component will return headers named X-ChromePhp-Data or X-ChromeLogger-Data. The value of these headers contains possible sensitive information and should not be present in production systems.

Remediation

Disable debugging helpers in production systems.

References

Chrome Logger

Related Vulnerabilities

WordPress Plugin Simple File Downloader Cross-Site Scripting (1.0.4)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Multiple Vulnerabilities (4.1.2)

WordPress Plugin Stop User Enumeration Cross-Site Scripting (1.3.7)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-5000)

WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner Multiple Vulnerabilities (3.1.1)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure