196 matches found
WordPress Custom URL Shortener plugin <= 0.3.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Custom URL Shortener versions = 0.3.6...
WordPress Custom URL Shortener Plugin <= 0.3.6 is vulnerable to Cross Site Scripting (XSS)
Software Custom URL Shortener Type Plugin Vulnerable versions = 0.3.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51930 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 721373a7389e Credits SOPROBRO Required privilege...
CVE-2024-44155
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, iOS 18 and iPadOS 18, macOS Sequoia 15, watchOS 11. Maliciously crafted web content may violate iframe sandboxing policy...
CVE-2024-40867
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox...
CVE-2024-44155
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy...
CVE-2024-44155
CVE-2024-44155 affects Apple Safari and related OS components via a custom URL scheme handling issue. The root cause is improved input validation, addressing a vulnerability that could allow malicious web content to violate the iframe sandboxing policy. Public details indicate the fix is applied ...
CVE-2024-40867
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox...
CVE-2024-40867
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox...
CVE-2024-40867
The CVE-2024-40867 issue is an Apple-specific Web content sandbox breakout risk caused by a custom URL scheme handling flaw. Affected products are iOS 18.1 and iPadOS 18.1; Apple fixed the issue in these releases through improved input validation. The vulnerability affects the WebKit/Web content ...
CVE-2024-45203
Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior 5.69.0 and "@cosme" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a...
CVE-2024-45203
Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior 5.69.0 and "@cosme" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a...
JVN#81570776: "@cosme" App fails to restrict custom URL schemes properly
"@cosme" App provided by istyle Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an...
CVE-2024-41918
'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...
CVE-2024-41918
'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...
CVE-2024-41918
'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...
CVE-2024-41918
'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...
JVN#56648919: "Rakuten Ichiba App" fails to restrict custom URL schemes properly
"Rakuten Ichiba App" provided by Rakuten Group, Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to...
Rakuten Ichiba 安全漏洞
Rakuten Ichiba is an online shopping APP from Rakuten, a Japanese company. A security vulnerability exists in Rakuten Ichiba that stems from a failure to properly restrict access to features that use custom URL schemes, increasing the risk of users being subject to phishing attacks...
Plate media plugins has a XSS in media embed element when using custom URL parsers
Impact Editors that use MediaEmbedElement and pass custom urlParsers to the useMediaState hook may be vulnerable to XSS if a custom parser allows javascript:, data: or vbscript: URLs to be embedded. Editors that do not use urlParsers and instead consume the url property directly may also be...
PT-2024-28953 · Npm · @Udecode/Plate-Media
Name of the Vulnerable Software and Affected Versions: @udecode/plate-media versions prior to 36.0.10 Description: The issue affects editors that use MediaEmbedElement and pass custom urlParsers to the useMediaState hook, potentially allowing XSS if a custom parser permits javascript:, data: or...