Lucene search
K

196 matches found

Patchstack
Patchstack
added 2024/11/08 5:17 p.m.4 views

WordPress Custom URL Shortener plugin <= 0.3.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Custom URL Shortener versions = 0.3.6...

6.5CVSS6.1AI score0.00231EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.8 views

WordPress Custom URL Shortener Plugin <= 0.3.6 is vulnerable to Cross Site Scripting (XSS)

Software Custom URL Shortener Type Plugin Vulnerable versions = 0.3.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51930 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 721373a7389e Credits SOPROBRO Required privilege...

6.5CVSS6.9AI score0.00231EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/10/28 9:15 p.m.13 views

CVE-2024-44155

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, iOS 18 and iPadOS 18, macOS Sequoia 15, watchOS 11. Maliciously crafted web content may violate iframe sandboxing policy...

6.5CVSS0.00517EPSS
Exploits0References6
NVD
NVD
added 2024/10/28 9:15 p.m.11 views

CVE-2024-40867

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox...

9.6CVSS0.007EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/28 9:8 p.m.12 views

CVE-2024-44155

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy...

5.8AI score0.00517EPSS
Exploits0References5
CVE
CVE
added 2024/10/28 9:8 p.m.69 views

CVE-2024-44155

CVE-2024-44155 affects Apple Safari and related OS components via a custom URL scheme handling issue. The root cause is improved input validation, addressing a vulnerability that could allow malicious web content to violate the iframe sandboxing policy. Public details indicate the fix is applied ...

6.5CVSS5.8AI score0.00517EPSS
Exploits0References6Affected Software5
Cvelist
Cvelist
added 2024/10/28 9:7 p.m.15 views

CVE-2024-40867

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox...

0.007EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/28 9:7 p.m.17 views

CVE-2024-40867

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox...

5.9AI score0.007EPSS
Exploits0References1
CVE
CVE
added 2024/10/28 9:7 p.m.56 views

CVE-2024-40867

The CVE-2024-40867 issue is an Apple-specific Web content sandbox breakout risk caused by a custom URL scheme handling flaw. Affected products are iOS 18.1 and iPadOS 18.1; Apple fixed the issue in these releases through improved input validation. The vulnerability affects the WebKit/Web content ...

9.6CVSS5.6AI score0.007EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2024/09/09 7:15 a.m.56 views

CVE-2024-45203

Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior 5.69.0 and "@cosme" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a...

4.3CVSS0.00277EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/09 6:42 a.m.47 views

CVE-2024-45203

Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior 5.69.0 and "@cosme" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a...

0.00277EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/09/09 12:0 a.m.34 views

JVN#81570776: "@cosme" App fails to restrict custom URL schemes properly

"@cosme" App provided by istyle Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an...

4.3CVSS4.4AI score0.00277EPSS
Exploits0
OSV
OSV
added 2024/08/29 3:15 a.m.2 views

CVE-2024-41918

'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...

6.1CVSS5.7AI score0.003EPSS
Exploits0References3
NVD
NVD
added 2024/08/29 3:15 a.m.16 views

CVE-2024-41918

'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...

6.1CVSS0.003EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/08/29 2:47 a.m.24 views

CVE-2024-41918

'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...

0.003EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/08/29 2:47 a.m.16 views

CVE-2024-41918

'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...

6.6AI score0.003EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/08/20 12:0 a.m.20 views

JVN#56648919: "Rakuten Ichiba App" fails to restrict custom URL schemes properly

"Rakuten Ichiba App" provided by Rakuten Group, Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to...

6.1CVSS6AI score0.003EPSS
Exploits0
CNNVD
CNNVD
added 2024/08/20 12:0 a.m.4 views

Rakuten Ichiba 安全漏洞

Rakuten Ichiba is an online shopping APP from Rakuten, a Japanese company. A security vulnerability exists in Rakuten Ichiba that stems from a failure to properly restrict access to features that use custom URL schemes, increasing the risk of users being subject to phishing attacks...

6.1CVSS4.7AI score0.003EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/07/15 6:33 p.m.22 views

Plate media plugins has a XSS in media embed element when using custom URL parsers

Impact Editors that use MediaEmbedElement and pass custom urlParsers to the useMediaState hook may be vulnerable to XSS if a custom parser allows javascript:, data: or vbscript: URLs to be embedded. Editors that do not use urlParsers and instead consume the url property directly may also be...

8.1CVSS6AI score0.00498EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/15 12:0 a.m.7 views

PT-2024-28953 · Npm · @Udecode/Plate-Media

Name of the Vulnerable Software and Affected Versions: @udecode/plate-media versions prior to 36.0.10 Description: The issue affects editors that use MediaEmbedElement and pass custom urlParsers to the useMediaState hook, potentially allowing XSS if a custom parser permits javascript:, data: or...

8.4CVSS6.1AI score0.00498EPSS
Exploits0References8
Rows per page
Query Builder