10960 matches found
CVE-2024-49419
Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load an arbitrary URL in its webview...
CVE-2024-49418
Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview...
CVE-2024-49418
Samsung Gaming Hub (GamingHub) is affected by CVE-2024-49418 due to insufficient verification of URL authenticity in the WebView. The issue affects GamingHub versions prior to 6.1.03.4 in Korea and prior to 7.1.02.4 globally, allowing remote attackers to enable JavaScript in the WebView. Accordin...
PT-2024-33528 · Gaminghub · Gaminghub
Name of the Vulnerable Software and Affected Versions: GamingHub versions prior to 6.1.03.4 in Korea GamingHub versions prior to 7.1.02.4 in Global Description: The issue is related to insufficient verification of URL authenticity, allowing remote attackers to enable JavaScript in the webview. Th...
PT-2024-33529 · Gaminghub · Gaminghub
Name of the Vulnerable Software and Affected Versions: GamingHub versions prior to 6.1.03.4 in Korea GamingHub versions prior to 7.1.02.4 in Global Description: The issue is related to insufficient verification of URL authenticity in GamingHub, allowing remote attackers to load an arbitrary URL i...
CVE-2024-31414
The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts wh...
CVE-2024-31414
The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts wh...
PT-2024-24056 · Eaton · Eaton Foreseer
Name of the Vulnerable Software and Affected Versions: Eaton Foreseer software affected versions not specified Description: The issue concerns the Eaton Foreseer software, which allows users to customize the dashboard in WebView pages. However, the input fields for this feature lack proper input...
Exploit for Code Injection in Deskfiler
DeskFiler RCE A Proof-Of-Concept for CVE-2024-25291 vulnerabi...
Exploit for Open Redirect in Nteract
Nteract PoC A Proof-Of-Concept for CVE-2024-22891 vulnerabilit...
Android Browser Open in New Tab Cookie Theft
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android Browser "Open in New Tab" Cookie Theft', 'Description' = %q In Android's stock AOSP Browser application and WebView component, the "open ...
Android Open Source Platform (AOSP) Browser UXSS
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android Open Source Platform AOSP Browser UXSS', 'Description' = %q This module exploits a Universal Cross-Site Scripting UXSS vulnerability...
GE Proficy Cimplicity WebView Substitute.bcl Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'GE Proficy Cimplicity WebView substitute.bcl Directory Traversal', 'Description' = %q This module abuses a directory traversal in G...
CVE-2024-41918
'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...
CVE-2024-41918
'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...
CVE-2024-41918
'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...
CVE-2024-45240
The TikTok aka com.zhiliaoapp.musically application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal in the application's exposed WebView. On Android 12 and later, this is only exploitable by third-party applications...
CVE-2024-45240
The TikTok aka com.zhiliaoapp.musically application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal in the application's exposed WebView. On Android 12 and later, this is only exploitable by third-party applications...
CVE-2024-45240
The TikTok aka com.zhiliaoapp.musically application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal in the application's exposed WebView. On Android 12 and later, this is only exploitable by third-party applications...
PT-2024-31498 · Bytedance · Tiktok
Name of the Vulnerable Software and Affected Versions: TikTok versions prior to 34.5.5 Description: The issue allows the takeover of Lynxview JavaScript interfaces via deeplink traversal in the application's exposed WebView. On Android 12 and later, this is only exploitable by third-party...