Android Apps developed using Yappli fails to restrict custom URL schemes properly

Overview Yappli provided by Yappli, Inc. is an application development platform. Android Apps that are developed with Yappli provide the function to access a requested URL using Custom URL Scheme. The access to the function is not restricted properly CWE-939 which may be exploited to direct the A...

NITORI App fails to restrict access permissions

Overview NITORI App provided by Nitori Holdings Co., Ltd. implements the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execute th...