Lucene search
+L

96 matches found

CVE
CVE
added 2024/10/28 9:7 p.m.57 views

CVE-2024-40867

The CVE-2024-40867 issue is an Apple-specific Web content sandbox breakout risk caused by a custom URL scheme handling flaw. Affected products are iOS 18.1 and iPadOS 18.1; Apple fixed the issue in these releases through improved input validation. The vulnerability affects the WebKit/Web content ...

9.6CVSS5.6AI score0.007EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2024/10/28 9:7 p.m.17 views

CVE-2024-40867

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox...

5.9AI score0.007EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/28 9:7 p.m.17 views

CVE-2024-40867

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox...

0.007EPSS
Exploits0References1
NVD
NVD
added 2024/09/09 7:15 a.m.57 views

CVE-2024-45203

Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior 5.69.0 and "@cosme" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a...

4.3CVSS0.00277EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/09 6:42 a.m.50 views

CVE-2024-45203

Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior 5.69.0 and "@cosme" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a...

0.00277EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/09/09 12:0 a.m.34 views

JVN#81570776: "@cosme" App fails to restrict custom URL schemes properly

"@cosme" App provided by istyle Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an...

4.3CVSS4.4AI score0.00277EPSS
Exploits0
OSV
OSV
added 2024/08/29 3:15 a.m.3 views

CVE-2024-41918

'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...

6.1CVSS5.7AI score0.003EPSS
Exploits0References3
NVD
NVD
added 2024/08/29 3:15 a.m.17 views

CVE-2024-41918

'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...

6.1CVSS0.003EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/08/29 2:47 a.m.29 views

CVE-2024-41918

'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...

0.003EPSS
Exploits0References3
NVD
NVD
added 2024/06/19 5:15 a.m.20 views

CVE-2024-35298

Improper authorization in handler for custom URL scheme issue in 'ZOZOTOWN' App for Android versions prior to 7.39.6 allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device. As a result, the user may become a victim of a phishing...

4.3CVSS0.00289EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/19 5:7 a.m.14 views

CVE-2024-35298

Improper authorization in handler for custom URL scheme issue in 'ZOZOTOWN' App for Android versions prior to 7.39.6 allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device. As a result, the user may become a victim of a phishing...

6.9AI score0.00289EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/19 12:0 a.m.5 views

ZOZOTOWN Security Vulnerability

ZOZOTOWN is a fashion shopping application from the Japanese company ZOZO. A security vulnerability exists in ZOZOTOWN versions prior to 7.39.6, which stems from improper authorization in the Custom URL Scheme issue handler and allows an attacker to direct a user to an arbitrary website via anoth...

4.3CVSS6.8AI score0.00289EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/01/24 12:0 a.m.39 views

JVN#70818619: "Mercari" App for Android fails to restrict custom URL schemes properly

"Mercari" App for Android by Mercari, Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an...

6.1CVSS6.2AI score0.00385EPSS
Exploits0
Veracode
Veracode
added 2023/11/28 8:9 a.m.23 views

Open Redirect

mattermost is vulnerable to Open Redirect. The vulnerability is caused due to a missing validation at redirect URL parameter. The application fails to validate the custom URL scheme /oauth/service/mobilelogin?redirectto=, once a user clicks "Back to mattermost". The attacker can bypass protection...

6.1CVSS7.2AI score0.00403EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/27 12:30 p.m.22 views

Mattermost Open Redirect vulnerability

Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in /oauth/service/mobilelogin?redirectto=...

6.1CVSS7AI score0.00403EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2023/11/27 12:30 p.m.16 views

GHSA-4GHX-8JW8-P76Q Mattermost Open Redirect vulnerability

Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in /oauth/service/mobilelogin?redirectto=...

4.3CVSS5.2AI score0.00403EPSS
Exploits0References3
Prion
Prion
added 2023/11/27 10:15 a.m.14 views

Open redirect

Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in /oauth/service/mobilelogin?redirectto=...

5.8CVSS6.9AI score0.00403EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/11/27 9:12 a.m.193 views

CVE-2023-47168

Mattermost is affected by CVE-2023-47168 due to an open redirect vulnerability in the redirect_to parameter of the OAuth mobile login flow (/oauth/{service}/mobile_login?redirect_to=). The root cause is improper validation of the allowed redirect URL, which can let an attacker redirect users to a...

6.1CVSS5.2AI score0.00403EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/10/11 1:15 a.m.5 views

CVE-2023-44689

e-Gov Client Application Windows version versions prior to 2.1.1.0 and e-Gov Client Application macOS version versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result, the...

4.3CVSS5.9AI score
Exploits0References2
NVD
NVD
added 2023/10/11 1:15 a.m.29 views

CVE-2023-44689

e-Gov Client Application Windows version versions prior to 2.1.1.0 and e-Gov Client Application macOS version versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result, the...

4.3CVSS4.7AI score0.00355EPSS
Exploits0References2
Rows per page
Query Builder