Approved changes feed: RSS · Atom
cpe:2.3:a:openai:operator:-:*:*:*:saas:*:*:*
part: a version: - update: *
| Vendor | Openai (d03898d9-f034-50e4-95fa-da85722b9697) |
|---|---|
| Product | Operator (c79ca9fc-b109-5216-b1ee-4fc98b30736d) |
| Edition | * |
| Language | * |
| Software edition | saas |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-7021 |
vulnerable | 2026-06-08 07:43:17.896557 |
OpenAI Operator - API Spoofing through Locking Operator on FullScreen
Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input (e.g., login credentials, email addresses) via displaying a deceptive fullscreen interface with overlaid fake browser controls and a distracting element (like a cookie consent screen) to obscure fullscreen notifications, tricking the user into interacting with the malicious site.
Published: 2025-07-10T19:09:40.590Z
Updated: 2025-07-10T20:29:32.210Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.