Lucene search

JpcertCVE-2024-28895

HistoryApr 01, 2024 - 1:15 a.m.

CVE-2024-28895

2024-04-0101:15:46

jpcert

web.nvd.nist.gov

yahoo! japan

android

ios

cross-site scripting

vulnerability

webview

arbitrary script

nvd

AI Score

5.9

Confidence

High

EPSS

Percentile

9.0%

JSON

‘Yahoo! JAPAN’ App for Android v2.3.1 to v3.161.1 and ‘Yahoo! JAPAN’ App for iOS v3.2.2 to v4.109.0 contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the WebView of ‘Yahoo! JAPAN’ App via other app installed on the user’s device.

Affected configurations

Vulners

Node

ly_corporation\'yahoo\!_japan\'_app_for_androidRange2.3.1–3.161.1

ly_corporation\'yahoo\!_japan\'_app_for_iosRange3.2.2–4.109.0

VendorProductVersionCPE
ly_corporation\'yahoo\!_japan\'_app_for_android*cpe:2.3:a:ly_corporation:\'yahoo\!_japan\'_app_for_android:*:*:*:*:*:*:*:*
ly_corporation\'yahoo\!_japan\'_app_for_ios*cpe:2.3:a:ly_corporation:\'yahoo\!_japan\'_app_for_ios:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ly_corporation	\'yahoo\!_japan\'_app_for_android	*	cpe:2.3:a:ly_corporation:\'yahoo\!_japan\'_app_for_android::::::::
ly_corporation	\'yahoo\!_japan\'_app_for_ios	*	cpe:2.3:a:ly_corporation:\'yahoo\!_japan\'_app_for_ios::::::::

CNA Affected

[
  {
    "vendor": "LY Corporation",
    "product": "'Yahoo! JAPAN' App for Android",
    "versions": [
      {
        "version": "v2.3.1 to v3.161.1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "LY Corporation",
    "product": "'Yahoo! JAPAN' App for iOS",
    "versions": [
      {
        "version": "v3.2.2 to v4.109.0",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN23528780/