10952 matches found
Code injection
The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData...
PT-2023-31026 · Unknown · Indi Browser
Name of the Vulnerable Software and Affected Versions: Indi Browser aka kvbrowser version 12.11.23 Description: An issue in Indi Browser allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component. Recommendations: For version...
PT-2023-29049 · Tv Bro · Tv Bro
Name of the Vulnerable Software and Affected Versions: com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android Description: The issue arises from the mishandling of external intents through WebView in the com.phlox.tvwebbrowser TV Bro application. This allows attackers to execute...
Kami YI HOME Security Breach
Kami YI HOME is a webcam from Kami. A security vulnerability exists in Kami YI HOME prior to version 4.1.920231127, which originates from a vulnerability that allows remote attackers to execute arbitrary JavaScript code via the com.ants360.yicamera.activity.WebViewActivity component...
TV Bro Security Breach
TV Bro is truefedex Personal Developer's simple web browser for Android, optimized to work with TV remotes. A security vulnerability exists in truefedex TV Bro 2.0.0 and earlier versions, which stems from a WebView error handling, and allows an attacker to execute arbitrary code, create arbitrary...
Indi Browser Security Vulnerability
Indi Browser is a browser from Indi Browser, Inc. A security vulnerability exists in Indi Browser version v.12.11.23, which stems from a vulnerability that allows an attacker to bypass intended access restrictions by interacting with the com.example.gurry.kvbrowswer.webview component...
CVE-2023-43955
The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData...
CVE-2023-43955
CVE-2023-43955 affects the com.phlox.tvwebbrowser TV Bro Android app (version 2.0.0 and earlier). The root cause is mishandling of external intents via WebView, enabling an attacker to execute arbitrary code, create arbitrary files, and perform arbitrary downloads using JavaScript that calls take...
CVE-2023-6913
A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView withou...
Session fixation
A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView withou...
Microsoft Teams Isolated Webview Prototype Pollution Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Teams. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Isolated Webview...
CVE-2023-41898
Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential...
Code injection
Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential...
CVE-2023-41898 Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android
Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential...
CVE-2023-41898 Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android
Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential...
CVE-2023-41898
CVE-2023-41898 affects the Home Assistant Companion for Android (up to version 2023.8.2). The vulnerability is arbitrary URL loading in a WebView, enabling arbitrary JavaScript execution, limited native code execution, and credential theft. It has been patched in version 2023.9.2; all users shoul...
CVE-2023-41898 Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android
Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential...
Home Assistant Code Injection Vulnerability
Home Assistant is an open source home automation management system. The system is primarily used to control home automation devices. A security vulnerability exists in Home Assistant versions prior to 2023.9.2 that stems from an arbitrary URL loading issue in WebView. An attacker can exploit the...
PT-2023-28154 · Home Assistant · Home Assistant Companion For Android
Name of the Vulnerable Software and Affected Versions: Home Assistant Companion for Android app versions 2023.8.2 and earlier Description: The Home Assistant Companion for Android app is vulnerable to arbitrary URL loading in a WebView, enabling attacks such as arbitrary JavaScript execution,...
CVE-2023-3612
Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content...