96 matches found
CVE-2024-40867
The CVE-2024-40867 issue is an Apple-specific Web content sandbox breakout risk caused by a custom URL scheme handling flaw. Affected products are iOS 18.1 and iPadOS 18.1; Apple fixed the issue in these releases through improved input validation. The vulnerability affects the WebKit/Web content ...
CVE-2024-40867
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox...
CVE-2024-40867
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox...
CVE-2024-45203
Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior 5.69.0 and "@cosme" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a...
CVE-2024-45203
Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior 5.69.0 and "@cosme" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a...
JVN#81570776: "@cosme" App fails to restrict custom URL schemes properly
"@cosme" App provided by istyle Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an...
CVE-2024-41918
'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...
CVE-2024-41918
'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...
CVE-2024-41918
'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...
CVE-2024-35298
Improper authorization in handler for custom URL scheme issue in 'ZOZOTOWN' App for Android versions prior to 7.39.6 allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device. As a result, the user may become a victim of a phishing...
CVE-2024-35298
Improper authorization in handler for custom URL scheme issue in 'ZOZOTOWN' App for Android versions prior to 7.39.6 allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device. As a result, the user may become a victim of a phishing...
ZOZOTOWN Security Vulnerability
ZOZOTOWN is a fashion shopping application from the Japanese company ZOZO. A security vulnerability exists in ZOZOTOWN versions prior to 7.39.6, which stems from improper authorization in the Custom URL Scheme issue handler and allows an attacker to direct a user to an arbitrary website via anoth...
JVN#70818619: "Mercari" App for Android fails to restrict custom URL schemes properly
"Mercari" App for Android by Mercari, Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an...
Open Redirect
mattermost is vulnerable to Open Redirect. The vulnerability is caused due to a missing validation at redirect URL parameter. The application fails to validate the custom URL scheme /oauth/service/mobilelogin?redirectto=, once a user clicks "Back to mattermost". The attacker can bypass protection...
Mattermost Open Redirect vulnerability
Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in /oauth/service/mobilelogin?redirectto=...
GHSA-4GHX-8JW8-P76Q Mattermost Open Redirect vulnerability
Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in /oauth/service/mobilelogin?redirectto=...
Open redirect
Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in /oauth/service/mobilelogin?redirectto=...
CVE-2023-47168
Mattermost is affected by CVE-2023-47168 due to an open redirect vulnerability in the redirect_to parameter of the OAuth mobile login flow (/oauth/{service}/mobile_login?redirect_to=). The root cause is improper validation of the allowed redirect URL, which can let an attacker redirect users to a...
CVE-2023-44689
e-Gov Client Application Windows version versions prior to 2.1.1.0 and e-Gov Client Application macOS version versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result, the...
CVE-2023-44689
e-Gov Client Application Windows version versions prior to 2.1.1.0 and e-Gov Client Application macOS version versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result, the...