10960 matches found

Positive Technologies
added 2024/08/21 12:0 a.m. · 6 views

PT-2024-12097 · Xiaomi · Xiaomigetapps

Name of the Vulnerable Software and Affected Versions: XiaomiGetApps affected versions not specified Description: A code execution vulnerability exists in the XiaomiGetApps application product, caused by the verification logic being bypassed. An attacker can exploit this vulnerability to execute...

9.8 CVSS · 7.5 AI score · 0.00601 EPSS
Exploits 0 · References 11

Talos
added 2024/08/19 12:0 a.m. · 29 views

Microsoft Teams (work or school) for macOS WebView.app helper app library injection vulnerability

Talos Vulnerability Report TALOS-2024-1990 Microsoft Teams work or school for macOS WebView.app helper app library injection vulnerability August 19, 2024 CVE Number CVE-2024-41145 SUMMARY A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams work or school...

9.8 CVSS · 7.5 AI score · 0.00778 EPSS
Exploits 1

NVD
added 2024/06/27 10:15 a.m. · 22 views

CVE-2024-0949

Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68...

9.8 CVSS · 0.00528 EPSS
Exploits 0 · References 2

Cvelist
added 2024/06/27 9:36 a.m. · 25 views

CVE-2024-0949 Improper Access Control in Talya Informatics' Elektraweb

Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68...

9.8 CVSS · 0.00528 EPSS
Exploits 0 · References 2

CVE
added 2024/06/27 9:36 a.m. · 63 views

CVE-2024-0949

CVE-2024-0949 affects Talya Informatics’ Elektraweb prior to 17.0.68. The issue is described as Missing Authentication and Use of Hard-coded Credentials that enables Authentication Bypass due to improper access control, potentially exposing files/directories externally and impacting confidentiali...

9.8 CVSS · 5.8 AI score · 0.00528 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/06/27 12:0 a.m. · 4 views

PT-2024-15930

Name of the Vulnerable Software and Affected Versions Elektraweb versions prior to 17.0.68 Description The issue is related to improper access control, missing authorization, and incorrect permission assignment for critical resources. It allows for exploiting incorrectly configured access control...

9.8 CVSS · 6.6 AI score · 0.00528 EPSS
Exploits 0 · References 4

Hacker One
added 2024/06/17 10:11 p.m. · 40 views

U.S. Dept Of Defense: █████████ (Android): Vulnerable to Javascript Injection and Open redirect

A vulnerability was discovered in the WebView components of two apps, ████ and ██████████, which allowed an attacker to execute JavaScript and open any URL through a link or a malicious app. The root cause of this issue was that certain activities were exported and set as browsable, exposing them...

7.2 AI score
Exploits 0

Fedora
added 2024/06/05 1:41 a.m. · 14 views

[SECURITY] Fedora 40 Update: qt5-qtwebview-5.15.14-1.fc40

Qt WebView provides a way to display web content in a QML application without necessarily including a full web browser stack by using native APIs where it makes sense...

9.8 CVSS · 6.6 AI score · 0.0097 EPSS
Exploits 0

Positive Technologies
added 2024/06/03 12:0 a.m. · 3 views

PT-2024-14074 · Kakao · Kakaotalk

Name of the Vulnerable Software and Affected Versions: KakaoTalk version 10.4.3 Description: A deep link validation issue allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leak...

9.6 CVSS · 6.4 AI score · 0.00523 EPSS
Exploits 0 · References 9

Cvelist
added 2024/06/03 12:0 a.m. · 20 views

CVE-2023-51219

A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access tok...

6.3 AI score · 0.00523 EPSS
Exploits 0 · References 2

Fedora
added 2024/05/29 3:37 a.m. · 13 views

[SECURITY] Fedora 40 Update: qt6-qtwebview-6.7.1-1.fc40

Qt WebView provides a way to display web content in a QML application without necessarily including a full web browser stack by using native APIs where it makes sense...

9.8 CVSS · 6.2 AI score · 0.0097 EPSS
Exploits 0

NVD
added 2024/05/17 4:15 p.m. · 23 views

CVE-2024-31974

The com.solarized.firedown aka Solarized FireDown Browser & Downloader application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately...

6.3 CVSS · 7.2 AI score · 0.00642 EPSS
Exploits 0 · References 1

CVE
added 2024/05/17 3:36 p.m. · 74 views

CVE-2024-31974

The CVE-2024-31974 entry concerns com.solarized.firedown (Solarized FireDown Browser & Downloader) for Android 1.0.76. Exploitation arises because com.solarized.firedown.IntentActivity uses a WebView to display web content and does not adequately sanitize the URI or extra data passed in an intent...

6.3 CVSS · 7.5 AI score · 0.00642 EPSS
Exploits 0 · References 1

Cvelist
added 2024/05/17 3:36 p.m. · 24 views

CVE-2024-31974

The com.solarized.firedown aka Solarized FireDown Browser & Downloader application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately...

7.2 AI score · 0.00642 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/05/17 12:0 a.m. · 8 views

PT-2024-24328 · Unknown · Com.Solarized.Firedown

Name of the Vulnerable Software and Affected Versions: com.solarized.firedown aka Solarized FireDown Browser & Downloader version 1.0.76 Description: The issue allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. This is possible because...

6.3 CVSS · 7.6 AI score · 0.00642 EPSS
Exploits 0 · References 3

NVD
added 2024/04/01 1:15 a.m. · 12 views

CVE-2024-28895

'Yahoo! JAPAN' App for Android v2.3.1 to v3.161.1 and 'Yahoo! JAPAN' App for iOS v3.2.2 to v4.109.0 contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the WebView of 'Yahoo! JAPAN' App via other app installed on the user's devi...

6.1 CVSS · 5.8 AI score · 0.00314 EPSS
Exploits 0 · References 1

Cvelist
added 2024/04/01 12:16 a.m. · 24 views

CVE-2024-28895

'Yahoo! JAPAN' App for Android v2.3.1 to v3.161.1 and 'Yahoo! JAPAN' App for iOS v3.2.2 to v4.109.0 contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the WebView of 'Yahoo! JAPAN' App via other app installed on the user's devi...

6 AI score · 0.00314 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/04/01 12:16 a.m. · 11 views

CVE-2024-28895

'Yahoo! JAPAN' App for Android v2.3.1 to v3.161.1 and 'Yahoo! JAPAN' App for iOS v3.2.2 to v4.109.0 contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the WebView of 'Yahoo! JAPAN' App via other app installed on the user's devi...

6.1 AI score · 0.00314 EPSS
Exploits 0 · References 1

CVE
added 2024/04/01 12:16 a.m. · 40 views

CVE-2024-28895

CVE-2024-28895 is a cross-site scripting vulnerability in the Yahoo! JAPAN App for Android (2.3.1–3.161.1) and iOS (3.2.2–4.109.0). The root cause is a WebView-based XSS (CWE-79) that could allow an arbitrary script to execute in the WebView via another app on the device. Exploitation details are...

6.1 CVSS · 5.9 AI score · 0.00314 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/04/01 12:0 a.m. · 3 views

PT-2024-22635 · Yahoo · Yahoo! Japan App For Android +1

Name of the Vulnerable Software and Affected Versions: Yahoo! JAPAN App for Android versions 2.3.1 through 3.161.1 Yahoo! JAPAN App for iOS versions 3.2.2 through 4.109.0 Description: The issue is related to a cross-site scripting vulnerability. If exploited, an arbitrary script may be executed o...

6.1 CVSS · 6.2 AI score · 0.00314 EPSS
Exploits 0 · References 4