10953 matches found
Samsung Bixby Touch Security Vulnerability
An access control error vulnerability exists in Samsung Bixby Touch, a virtual intelligent assistant for Samsung mobile devices, which stems from a failure to properly restrict access to resources from unauthorized roles in Bixby Touch. An attacker could exploit the vulnerability to allow untrust...
CVE-2022-25824
Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...
PT-2022-17550 · Samsung · Bixbytouch
Name of the Vulnerable Software and Affected Versions: BixbyTouch versions prior to 2.2.00.6 Description: The issue is related to improper access control, allowing untrusted applications to load arbitrary URL and local files in webview. Recommendations: For versions prior to 2.2.00.6, update to...
TikTok: One Click Account Hijacking via Unvalidated Deeplink
A WebView Hijacking vulnerability was found on the TikTok Android application via an un-validated deeplink on an un-sanitized parameter. This could have resulted in account hijacking through a JavaScript interface. We thank @fr4via for reporting this to our team...
The vulnerability of the cordova-plugin-ionic-webview plugin, related to deficiencies in path name restrictions, allows attackers to gain access to arbitrary files.
The vulnerability of the cordova-plugin-ionic-webview plugin is related to deficiencies in path name restrictions for directories. Exploiting this vulnerability could allow an attacker to gain access to arbitrary files...
CVE-2022-24923
Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...
Improper access control
Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...
CVE-2022-24923
CVE-2022-24923 affects Samsung SearchWidget prior to 2.3.00.6 on China models. Root cause: improper access control that allows untrusted applications to load arbitrary URLs and local files in a webview. Affected version range: before 2.3.00.6. Remediation: update to version 2.3.00.6 or later. Not...
PT-2022-16984 · Samsung · Samsung Searchwidget
Name of the Vulnerable Software and Affected Versions: Samsung SearchWidget versions prior to 2.3.00.6 Description: The issue is related to improper access control in the Samsung SearchWidget, allowing untrusted applications to load arbitrary URLs and local files in a webview. Recommendations: Fo...
CVE-2021-23863
HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3 or earlier, when successfully exploited allows an attacker to inject random HTML code into a component loaded by WebView, thus allowing the Application to display web resources controlled by the attacke...
Code injection
HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3 or earlier, when successfully exploited allows an attacker to inject random HTML code into a component loaded by WebView, thus allowing the Application to display web resources controlled by the attacke...
CVE-2021-23863
The CVE affects Bosch Video Security software (version 3.2.3 and earlier). A code injection vulnerability enables an attacker to inject arbitrary HTML into a WebView-loaded component, potentially causing the application to display attacker-controlled web resources. The root cause is HTML/code inj...
Bosch Video Security Cross-Site Scripting Vulnerability
Bosch Video Security is a video security system from Bosch, Germany. Used to connect to Bosch IP cameras and encoders from around the world, experience instant video playback, full access to your recordings, forensic search of cameras with Bosch video analytics support, and smooth control of PTZ...
EXNESS: Improper Implementation of SDK Allows Universal XSS in Webview Leading to Account Takeover
Affected App: Social Trading com.exness.investments App Version: - 2.45.8-release latest on PlayStore Summary: The SurveyMonkey SDK, used to collect surveys from users for analytic and informative purposes, was implemented in an insecure manner in . Particularly, the SMFeedbackActivity was...
The vulnerability of the WebView component for displaying web pages in Google Chrome allows attackers to circumvent existing security restrictions.
The vulnerability of the WebView component of Google Chrome’s browser involves errors in the implementation of security checks for standard elements. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions through a specially created HTML page...
Brave Software: XSS on internal: privileged origin through reader mode
A vulnerability in Brave iOS versions 1.32.3 and higher allowed for XSS attacks on the privileged origin internal://local through the combination of two weaknesses. The first weakness was the exposure of uuidKey through the REFERER header due to the lack of referrer header protection in the...
The vulnerability of Google Chrome’s WebView component allows a hacker to bypass existing security restrictions by using a specially created HTML page.
The vulnerability of Google Chrome’s WebView component is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions through a specially created HTML page...
openSUSE 15 Security Update : opera (openSUSE-SU-2021:1488-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1488-1 advisory. - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to...