89 matches found
PT-2024-21638 · Microsoft · Msal.Net
Name of the Vulnerable Software and Affected Versions: MSAL.NET versions 4.48.0 through 4.60.0 Description: A malicious application running on a customer Android device can cause local denial of service against applications that were built using MSAL.NET for authentication on the same device, due...
"Yahoo! JAPAN" App vulnerable to cross-site scripting
Overview "Yahoo! JAPAN" App provided by LY Corporation contains a cross-site scripting vulnerability CWE-79. Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
CVE-2023-6913
A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView withou...
PT-2023-32821 · Imou · Imou Life
Name of the Vulnerable Software and Affected Versions: Imou Life version 6.7.0 Description: A session hijacking issue has been detected in the Imou Life application. This issue could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when...
SUSE CVE-2015-1295
Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/printwebviewhelper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC...
SUSE CVE-2020-6437
Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application...
CVE-2022-42813
A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. Processing a maliciously crafted certificate may lead to arbitrary code execution...
PT-2022-26601 · Apple · Ipados +4
Name of the Vulnerable Software and Affected Versions: Apple iOS versions prior to 16.1 Apple iPadOS versions prior to 16.1 Apple tvOS versions prior to 16.1 Apple macOS versions prior to 13 Apple watchOS versions prior to 9.1 Description: A certificate validation issue existed in the handling of...
CVE-2022-28799
The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL unvalidated deeplink can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click...
CVE-2022-24923
Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...
The vulnerability of the WebView component for displaying web pages in Google Chrome browser and on the Android operating system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the WebView component of Google Chrome’s browser involves errors in the implementation of security checks for standard elements. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
Cross-Site Scripting in Page Preview
Failing to properly encode Page TSconfig settings, the corresponding page preview module WebView is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability...
CVE-2021-25403
Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P9.0 and below, and 12.2.0.9 in Android Q10.0 and above allows attacker to access contacts and file provider using SettingWebView component...
LINAGORA hublin web-view renderer path traversal vulnerability
LINAGORA hublin is an open source video conferencing solution based on WebRTC. web-view renderer is one of the renderers. A path traversal vulnerability exists in the web-view renderer in LINAGORA hublin. The vulnerability stems from a failure of a network system or product to properly filter...
CVE-2019-1010205
LINAGORA hublin latest commit 72ead897082403126bf8df9264e70f0a9de247ff is affected by: Directory Traversal. The impact is: The vulnerability allows an attacker to access any file with a fixed extension on the server. The component is: A web-view renderer; details here:...
Directory traversal
LINAGORA hublin latest commit 72ead897082403126bf8df9264e70f0a9de247ff is affected by: Directory Traversal. The impact is: The vulnerability allows an attacker to access any file with a fixed extension on the server. The component is: A web-view renderer; details here:...
CVE-2019-1010205
LINAGORA hublin latest commit 72ead897082403126bf8df9264e70f0a9de247ff is affected by: Directory Traversal. The impact is: The vulnerability allows an attacker to access any file with a fixed extension on the server. The component is: A web-view renderer; details here:...
Google Partially Patches Flaw in Chrome for Android 3 Years After Disclosure
Google has finally patched a privacy vulnerability in its Chrome web browser for Android that exposes users' device model and firmware version, eventually enabling remote attackers to identify unpatched devices and exploit known vulnerabilities. The vulnerability, which has not yet given any CVE...
CVE-2018-15669
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not...
GHSA-HWHH-2FWM-CFGW Doorkeeper is vulnerable to stored XSS and code execution
Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting XSS vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be...