PT-2024-14074 · Kakao · Kakaotalk

Name of the Vulnerable Software and Affected Versions: KakaoTalk version 10.4.3 Description: A deep link validation issue allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leak...

CVE-2023-51219

A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access tok...

[SECURITY] Fedora 40 Update: qt6-qtwebview-6.7.1-1.fc40

Qt WebView provides a way to display web content in a QML application without necessarily including a full web browser stack by using native APIs where it makes sense...

CVE-2024-31974

The com.solarized.firedown aka Solarized FireDown Browser & Downloader application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately...

CVE-2024-31974

The CVE-2024-31974 entry concerns com.solarized.firedown (Solarized FireDown Browser & Downloader) for Android 1.0.76. Exploitation arises because com.solarized.firedown.IntentActivity uses a WebView to display web content and does not adequately sanitize the URI or extra data passed in an intent...

CVE-2024-31974

The com.solarized.firedown aka Solarized FireDown Browser & Downloader application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately...

PT-2024-24328 · Unknown · Com.Solarized.Firedown

Name of the Vulnerable Software and Affected Versions: com.solarized.firedown aka Solarized FireDown Browser & Downloader version 1.0.76 Description: The issue allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. This is possible because...

CVE-2024-28895

'Yahoo! JAPAN' App for Android v2.3.1 to v3.161.1 and 'Yahoo! JAPAN' App for iOS v3.2.2 to v4.109.0 contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the WebView of 'Yahoo! JAPAN' App via other app installed on the user's devi...

CVE-2024-28895

'Yahoo! JAPAN' App for Android v2.3.1 to v3.161.1 and 'Yahoo! JAPAN' App for iOS v3.2.2 to v4.109.0 contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the WebView of 'Yahoo! JAPAN' App via other app installed on the user's devi...

CVE-2024-28895

'Yahoo! JAPAN' App for Android v2.3.1 to v3.161.1 and 'Yahoo! JAPAN' App for iOS v3.2.2 to v4.109.0 contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the WebView of 'Yahoo! JAPAN' App via other app installed on the user's devi...

CVE-2024-28895

CVE-2024-28895 is a cross-site scripting vulnerability in the Yahoo! JAPAN App for Android (2.3.1–3.161.1) and iOS (3.2.2–4.109.0). The root cause is a WebView-based XSS (CWE-79) that could allow an arbitrary script to execute in the WebView via another app on the device. Exploitation details are...

PT-2024-22635 · Yahoo · Yahoo! Japan App For Android +1

Name of the Vulnerable Software and Affected Versions: Yahoo! JAPAN App for Android versions 2.3.1 through 3.161.1 Yahoo! JAPAN App for iOS versions 3.2.2 through 4.109.0 Description: The issue is related to a cross-site scripting vulnerability. If exploited, an arbitrary script may be executed o...

Yahoo! JAPAN 安全漏洞

Yahoo! JAPAN is a portal website of Yahoo! A security vulnerability exists in Yahoo! JAPAN versions v2.3.1 through v3.161.1, which originates from an arbitrary script that can be executed via the WebView of an application installed on a user's device...

TikTok: Lynxview JS interfaces Takeover via deeplink traversal

The application had vulnerabilities that could have allowed the takeover of JavaScript interfaces via the application's exposed Webview. The issues were only present in older versions of the Android application and were addressed after the researcher reported them to the team...

CVE-2023-49001

An issue in Indi Browser aka kvbrowser v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component...

CVE-2023-49001

An issue in Indi Browser aka kvbrowser v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component...

Design/Logic Flaw

An issue in Indi Browser aka kvbrowser v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component...

CVE-2023-43955

The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData...

CVE-2023-47882

The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.920231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component...

CVE-2023-47882

The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.920231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component...