Lucene search
JpcertCVELIST:CVE-2024-45203HistorySep 09, 2024 - 6:42 a.m.
CVE-2024-45203
2024-09-0906:42:30
jpcert
www.cve.org
3
improper authorization
custom url scheme
android
ios
phishing attack
EPSS
0.001
Percentile
17.7%
Improper authorization in handler for custom URL scheme issue in β@cosmeβ App for Android versions prior 5.69.0 and β@cosmeβ App for iOS versions prior to 6.74.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.
CNA Affected
[
{
"vendor": "istyle Inc.",
"product": "\"@cosme\" App for Android",
"versions": [
{
"version": "versions prior to 5.69.0",
"status": "affected"
}
]
},
{
"vendor": "istyle Inc.",
"product": "\"@cosme\" App for iOS",
"versions": [
{
"version": "versions prior to 6.74.0",
"status": "affected"
}
]
}
]References
Related
vulnrichment
vulnrichment
CVE-2024-45203
2024-09-09 06:42:30
nvd
nvd
CVE-2024-45203
2024-09-09 07:15:17
jvn
jvn
JVN#81570776: "@cosme" App fails to restrict custom URL schemes properly
2024-09-09 00:00:00
cve
cve
CVE-2024-45203
2024-09-09 07:15:17