CVE-2020-28481


Insecure Defaults

The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.


We have discovered 5,617 live websites that are affected by CVE-2020-28481.

Contact us to get more info



Affected Software

Product  Socket.io
Category JavaScript Frameworks
Vulnerable Versions
  • from 0 before 2.4
Total Vulnerable Versions119
Vulnerable Domains5,617 live websites (74.59% of Socket.io install base)


Distribution by Website Rank

The diagram provides a graphic representation of the correlation between the occurrence of CVE-2020-28481 and the relative popularity of websites


Details

  • Published - Jan 19, 2021
  • Updated - Jan 19, 2021

Credits

  • ni8walk3r




Countries

United States2,550 websites


France348 websites
Germany291 websites
Netherlands273 websites
Russia208 websites
Czech Republic175 websites
Indonesia165 websites
Italy132 websites
India114 websites
Vietnam110 websites

TLDs

.com2,771 websites
.net339 websites
.org193 websites
.ru176 websites
.cz165 websites
.io121 websites
.fr114 websites
.de93 websites
.com.br87 websites
.co60 websites

Vulnerable Versions

Vulnerable versions are highlighted in red


Geographical Distribution

The distribution of websites across the globe that are exposed to CVE-2020-28481 through included software libraries and plugins.



References


Websites affected by CVE-2020-28481

Top websites that are affected by CVE-2020-28481. Please click on the "Contact us" button above to get more information.
DomainCountryRankContacts
**.edu United States**,***
***.****.com United States**,***
***.**************.com France**,***
***.*********.com United States**,***
****.*******.co United States**,***
******.com India**,***
**************.com Germany**,***
***.**********.com United States**,***
**.****.net China**,***
**********.com **,***
See full domain list