CVE-2016-1586

A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3...

CVE-2016-1586

A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3...

Design/Logic Flaw

A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3...

CVE-2016-1586

A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3...

CVE-2016-1586

Affects Oxide prior to v1.18.3 where a malicious webview can install long-lived unload handlers that reuse an incognito BrowserContext queued for destruction. This could lead to exposure of sensitive information as described in CVE-2016-1586. Remediation: upgrade to Oxide 1.18.3 or later (or appl...

Zomato: [Zomato for Business Android] Vulnerability in exported activity WebView

Hello, i want to report the vulnerability found, Since the following activity com.application.zomatomerchant.home.HomeSalt has exported="true" it can be exploited by another application. Application Information Application: Zomato for Business Package Name: com.application.zomatomerchant Version:...

EXNESS: [com.exness.android.pa Android] Universal XSS in webview. Lead to steal user cookies

Details: Package: com.exness.android.pa Name: Exness Version: 1.7.5-real-release Description: Third-app may use exported activity to load any url in internal webView. This leads to steal cookies used in trading app, including cookies of payment system Vulnerability description: Application has...

Zomato: [Zomato Order] Insecure deeplink leads to sensitive information disclosure

Hello, i want to report the vulnerability found, Since the following activity com.application.zomato.activities.DeepLinkRouter has exported="true" it can be exploited by another application. Application Information Application: Zomato Order - Food Delivery App Package Name:...

JVN#60497148: "an" App for iOS vulnerable to directory traversal

"an" App for iOS provided by PERSOL CAREER CO., LTD. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device. As a...

JVN#11622218: iChain Insurance Wallet App for iOS vulnerable to directory traversal

iChain Insurance Wallet App for iOS provided by iChain, Inc. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device...

The vulnerability of the WebView component for displaying web pages and the Google Chrome browser allows a perpetrator to gain unauthorized access to information.

The vulnerability of the WebView component for displaying web pages and the Google Chrome browser is related to errors in applying access control rules. Exploiting this vulnerability allows a perpetrator to gain unauthorized access to information...

CVE-2019-8345

The Help feature in the ES File Explorer File Manager application 4.1.9.7.4 for Android allows session hijacking by a Man-in-the-middle attacker on the local network because HTTPS is not used, and an attacker's web site is displayed in a WebView with no information about the URL...

Design/Logic Flaw

The Help feature in the ES File Explorer File Manager application 4.1.9.7.4 for Android allows session hijacking by a Man-in-the-middle attacker on the local network because HTTPS is not used, and an attacker's web site is displayed in a WebView with no information about the URL...

CVE-2019-8345

The Help feature in the ES File Explorer File Manager application 4.1.9.7.4 for Android allows session hijacking by a Man-in-the-middle attacker on the local network because HTTPS is not used, and an attacker's web site is displayed in a WebView with no information about the URL...

CVE-2019-8345

The Help feature in the ES File Explorer File Manager application 4.1.9.7.4 for Android allows session hijacking by a Man-in-the-middle attacker on the local network because HTTPS is not used, and an attacker's web site is displayed in a WebView with no information about the URL...

Critical OkCupid Flaw Exposed Daters to App Takeovers

A critical flaw in the OkCupid app has been found that could allow a bad actor to steal credentials, launch man-in-the-middle attacks or completely compromise the victim’s application. This is separate from the OKCupid account-takeover incident reported earlier in the week, but it does fit the...

@evan.network/angular-gulp (>=1.2.3 <=2.1.3), @evan.network/ui-angular-libs (=1.1.0) +10 more potentially affected by CVE-2018-16202 via cordova-plugin-ionic-webview (=1.2.1)

cordova-plugin-ionic-webview NPM version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on cordova-plugin-ionic-webview and may be impacted: - @evan.network/angular-gulp =1.2.3, =0.0.1, =0.0.1, =5.0.1, =0.0.8, =0.0.1, =0.0.1, =1.0.0, =0.0.1, =0.0....

GHSA-XWJH-CP99-CJ8Q Path Traversal in cordova-plugin-ionic-webview

Versions of cordova-plugin-ionic-webview prior to 2.2.0 are vulnerable to Path Traversal, allowing attackers access to OS local files that should be inaccessible by third-party applications. The package launches a webserver listening on http://localhost:8080 without restricting access of the app...

Path Traversal in cordova-plugin-ionic-webview

Versions of cordova-plugin-ionic-webview prior to 2.2.0 are vulnerable to Path Traversal, allowing attackers access to OS local files that should be inaccessible by third-party applications. The package launches a webserver listening on http://localhost:8080 without restricting access of the app...

JVN#98505783: HOUSE GATE App for iOS vulnerable to directory traversal

HOUSE GATE App for iOS provided by HOUSE GATE inc. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device. As a...