CVE-2024-28895

2024-04-0100:16:08

jpcert

www.cve.org

yahoo! japan

xss

vulnerability

android

ios

webview

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

‘Yahoo! JAPAN’ App for Android v2.3.1 to v3.161.1 and ‘Yahoo! JAPAN’ App for iOS v3.2.2 to v4.109.0 contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the WebView of ‘Yahoo! JAPAN’ App via other app installed on the user’s device.

CNA Affected

[
  {
    "vendor": "LY Corporation",
    "product": "'Yahoo! JAPAN' App for Android",
    "versions": [
      {
        "version": "v2.3.1 to v3.161.1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "LY Corporation",
    "product": "'Yahoo! JAPAN' App for iOS",
    "versions": [
      {
        "version": "v3.2.2 to v4.109.0",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN23528780/