240 matches found
CVE-2021-36214
LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView...
CVE-2012-4009
The WebView class in the Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL...
CVE-2024-1609 OPPO Store APP has a WebView component privilege escalation vulnerability.
In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation...
CVE-2024-31974
The com.solarized.firedown aka Solarized FireDown Browser & Downloader application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately...
PT-2024-22635 · Yahoo · Yahoo! Japan App For Android +1
Name of the Vulnerable Software and Affected Versions: Yahoo! JAPAN App for Android versions 2.3.1 through 3.161.1 Yahoo! JAPAN App for iOS versions 3.2.2 through 4.109.0 Description: The issue is related to a cross-site scripting vulnerability. If exploited, an arbitrary script may be executed o...
PT-2023-28154 · Home Assistant · Home Assistant Companion For Android
Name of the Vulnerable Software and Affected Versions: Home Assistant Companion for Android app versions 2023.8.2 and earlier Description: The Home Assistant Companion for Android app is vulnerable to arbitrary URL loading in a WebView, enabling attacks such as arbitrary JavaScript execution,...
CVE-2023-3612
Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content...
CVE-2023-42471
The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web conte...
Govee Home Security Breach
Govee Home is a software application. Govee Home contains a security vulnerability that stems from the fact that the WebView component can be opened by any application on the device, and by sending the URL to a specially crafted website, an attacker can execute JavaScript in the WebView context o...
PT-2023-25434 · Govee · Govee Home
Name of the Vulnerable Software and Affected Versions: Govee Home app affected versions not specified Description: The Govee Home app has unprotected access to the WebView component, which can be opened by any app on the device. By sending a URL to a specially crafted site, an attacker can execut...
Remote code execution
A remote code execution vulnerability in the webview component of OnePlus Store app...
OPPO OnePlus Mall Security Breach
OPPO OnePlus Mall is a mobile application from OPPO Guangdong Mobile Communications OPPO, China. A security vulnerability exists in OPPO OnePlus Mall version 3.0.2023, which stems from a remote code execution RCE vulnerability in the webview component...
SUSE CVE-2021-37990
Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app...
The vulnerability of the categoryId parameter in the WWebView component of the MCE Systems mobile device lifecycle management system allows attackers to enhance their privileges.
The vulnerability of the categoryId parameter in the WWebView component of the MCE Systems lifecycle management system is related to errors in link processing before accessing a file, as well as deserialization of the PendingDynamicLinkData structure from the Intent Extra array with the key...
PT-2022-19245 · Bytedance +1 · Tiktok +1
Name of the Vulnerable Software and Affected Versions: TikTok application before 23.7.3 for Android Description: The issue allows account takeover through a crafted URL that can force the com.zhiliaoapp.musically WebView to load an arbitrary website, potentially leveraging an attached JavaScript...
CVE-2021-25448
Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary webpage loading in webview...
SAMSUNG Members 安全漏洞
Samsung Members is a community platform app from Samsung South Korea. An access control error vulnerability exists in Samsung Members. The vulnerability allows untrusted applications to cause local file inclusion in a webview. No detailed vulnerability details are provided at this time...
The vulnerability of the WebView component in Google Chrome web browsers allows a hacker to gain unauthorized access to protected information.
The vulnerability of the WebView component in Google Chrome browsers relates to the lack of protection for transmitted data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
Google Chrome WebView Policy Enforcement Deficiency Vulnerability
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A WebView Policy Enforcement Insufficiency vulnerability exists in versions of Google Chrome prior to 88.0.4324.96. An attacker can exploit this vulnerability to le...
WebView Vulnerability in X Browser
X Browser is a mobile browser for the Android platform. X Browser has a WebView vulnerability that can be exploited by an attacker to execute JS code across domains and take full control of a user's browser...