oyvindkinsey/easyXDM

Vulnerable Issues Found in the library

Opened this issue · 0 comments

ThreeShield Information Security Corporation has found a number of significant vulnerabilities in this library, which are listed in more detail here: https://threeshield.ca/easyxdm-2.5.20.html

But to summarize, a user can craft the URL query to cause arbitrary redirection and/or XSS.
Possible mitigations:
Implement origin allowlist:
Restrict communication to a predefined list of trusted origins to prevent unauthorized access and iframe tampering.
To completely prevent the redirect:
Remove or comment out the code that does the redirection (line 58 of easyXDM/src/stack/HashTransport.js)
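An added example of the origin-allowlist mitigation proposed above, written for this page and not taken from easyXDM or from the issue author. It shows an exact-match check on the serialised origin (scheme, host and port) applied both to incoming cross-document messages and to a user-controlled redirect target, which is what stops the "craft the URL query" redirect. The names TRUSTED_ORIGINS, toOrigin, isAllowedOrigin, safeRedirectTarget and handleMessage, the sample origins and the sample messages are all hypothetical and constructed; nothing here mirrors HashTransport.js.

```javascript
// Added example (not easyXDM code): an exact-match origin allowlist used both
// for accepting cross-document messages and for vetting redirect targets.
// TRUSTED_ORIGINS, toOrigin, isAllowedOrigin, safeRedirectTarget and
// handleMessage are hypothetical names; the origins and messages are constructed.

const TRUSTED_ORIGINS = new Set([
  "https://app.example.com",
  "https://partner.example.org:8443",
]);

// Normalise a string to a serialised origin ("scheme://host[:port]").
// Returns null for anything that does not parse as an absolute URL or that
// has an opaque origin (data:, about:blank), which URL.origin reports as "null".
function toOrigin(value) {
  let url;
  try {
    url = new URL(String(value));
  } catch (e) {
    return null;
  }
  return url.origin === "null" ? null : url.origin;
}

// Exact comparison against the allowlist. Substring or prefix checks are a
// classic bypass (https://app.example.com.evil.net), so only a full match passes.
// URL serialisation also drops default ports, so ":443" on https matches.
function isAllowedOrigin(value, allowlist = TRUSTED_ORIGINS) {
  const origin = toOrigin(value);
  return origin !== null && allowlist.has(origin);
}

// Resolve a user-controlled redirect target (e.g. a query parameter) against
// the current page URL and return it only when its origin is allowlisted.
// Returns null otherwise so the caller can fall back to a fixed safe location.
// Protocol-relative inputs such as "//evil.net/x" resolve to a foreign origin
// and are rejected; javascript: and data: URLs are rejected by the scheme check.
function safeRedirectTarget(target, base, allowlist = TRUSTED_ORIGINS) {
  let url;
  try {
    url = new URL(String(target), base);
  } catch (e) {
    return null;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return null;
  }
  return isAllowedOrigin(url.href, allowlist) ? url.href : null;
}

// Handle one incoming message. `event` mirrors the MessageEvent fields a
// browser `message` listener receives (origin, data). Messages from origins
// outside the allowlist are dropped before any payload is inspected.
function handleMessage(event, allowlist = TRUSTED_ORIGINS) {
  if (!isAllowedOrigin(event.origin, allowlist)) {
    return { accepted: false, reason: "untrusted origin" };
  }
  if (typeof event.data !== "string") {
    return { accepted: false, reason: "unexpected payload type" };
  }
  return { accepted: true, payload: event.data };
}

// Wire the handler into a browser page when one is present; a no-op under Node.
if (typeof window !== "undefined") {
  window.addEventListener("message", (ev) => {
    const result = handleMessage(ev);
    if (result.accepted) {
      // process result.payload here
    }
  });
}
```

When sending in the other direction, the same allowlist entry should be passed as the explicit targetOrigin argument to postMessage rather than "*", so a tampered iframe location cannot receive the data either.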