Yahoo! JAPAN 安全漏洞

Yahoo! JAPAN is a portal website of Yahoo! A security vulnerability exists in Yahoo! JAPAN versions v2.3.1 through v3.161.1, which originates from an arbitrary script that can be executed via the WebView of an application installed on a user's device...

TikTok: Lynxview JS interfaces Takeover via deeplink traversal

The application had vulnerabilities that could have allowed the takeover of JavaScript interfaces via the application's exposed Webview. The issues were only present in older versions of the Android application and were addressed after the researcher reported them to the team...

CVE-2023-49001

An issue in Indi Browser aka kvbrowser v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component...

CVE-2023-49001

An issue in Indi Browser aka kvbrowser v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component...

Design/Logic Flaw

An issue in Indi Browser aka kvbrowser v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component...

CVE-2023-47882

The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.920231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component...

CVE-2023-43955

The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData...

CVE-2023-47882

The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.920231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component...

Code injection

The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData...

Indi Browser Security Vulnerability

Indi Browser is a browser from Indi Browser, Inc. A security vulnerability exists in Indi Browser version v.12.11.23, which stems from a vulnerability that allows an attacker to bypass intended access restrictions by interacting with the com.example.gurry.kvbrowswer.webview component...

TV Bro Security Breach

TV Bro is truefedex Personal Developer's simple web browser for Android, optimized to work with TV remotes. A security vulnerability exists in truefedex TV Bro 2.0.0 and earlier versions, which stems from a WebView error handling, and allows an attacker to execute arbitrary code, create arbitrary...

Kami YI HOME Security Breach

Kami YI HOME is a webcam from Kami. A security vulnerability exists in Kami YI HOME prior to version 4.1.920231127, which originates from a vulnerability that allows remote attackers to execute arbitrary JavaScript code via the com.ants360.yicamera.activity.WebViewActivity component...

PT-2023-31026 · Unknown · Indi Browser

Name of the Vulnerable Software and Affected Versions: Indi Browser aka kvbrowser version 12.11.23 Description: An issue in Indi Browser allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component. Recommendations: For version...

CVE-2023-43955

The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData...

CVE-2023-43955

CVE-2023-43955 affects the com.phlox.tvwebbrowser TV Bro Android app (version 2.0.0 and earlier). The root cause is mishandling of external intents via WebView, enabling an attacker to execute arbitrary code, create arbitrary files, and perform arbitrary downloads using JavaScript that calls take...

PT-2023-29049 · Tv Bro · Tv Bro

Name of the Vulnerable Software and Affected Versions: com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android Description: The issue arises from the mishandling of external intents through WebView in the com.phlox.tvwebbrowser TV Bro application. This allows attackers to execute...

CVE-2023-6913

A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView withou...

Session fixation

A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView withou...

Microsoft Teams Isolated Webview Prototype Pollution Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Teams. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Isolated Webview...

CVE-2023-41898

Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential...