10960 matches found
CVE-2023-26309
CVE-2023-26309 describes a remote code execution in the webview component of the OnePlus Store app. Affected: OnePlus Store app webview. Vulnerability type and root cause are not detailed beyond generic RCE in webview; impact is high (C/H/I/A: HIGH per NVD; CVSS v3.1 scores show 9.8 base in NVD w...
CVE-2023-26309 A remote code execution vulnerability in the webview component
A remote code execution vulnerability in the webview component of OnePlus Store app...
OPPO OnePlus Mall Security Breach
OPPO OnePlus Mall is a mobile application from OPPO Guangdong Mobile Communications OPPO, China. A security vulnerability exists in OPPO OnePlus Mall version 3.0.2023, which stems from a remote code execution RCE vulnerability in the webview component...
OPPO Store app security breach
The OPPO Store app is a mobile store application from OPPO Guangdong Mobile Communications OPPO, China. A security vulnerability exists in OPPO Store app version 5.11.2023, which stems from a remote code execution RCE vulnerability in the webview component...
CVE-2023-26316
A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies...
CVE-2023-26316
A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies...
CVE-2023-26316
A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies...
Cross site scripting
A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies...
CVE-2023-26316
A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies...
CVE-2023-26316
A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies...
PT-2023-20607 · Xiaomi · Xiaomi Cloud Service Application
Name of the Vulnerable Software and Affected Versions: Xiaomi cloud service Application product affected versions not specified Description: A XSS issue exists in the Xiaomi cloud service Application product. The issue is caused by Webview's whitelist checking function allowing the javascript...
CVE-2023-29459
The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application's webview, thus allowing the loading of arbitrary...
CVE-2023-29459
The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application's webview, thus allowing the loading of arbitrary...
Information disclosure
The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application's webview, thus allowing the loading of arbitrary...
PT-2023-22267 · Red Bull · Laola.Redbull
Name of the Vulnerable Software and Affected Versions: laola.redbull application through 5.1.9-R for Android Description: The laola.redbull application exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI...
CVE-2023-29459
The CVE corresponds to the Android app laola.redbull (5.1.9-R and earlier). It exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The URI’s target is loaded into the app’s WebView, enabling loading of arbitrary content within...
Important: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
Goldoson Android Malware Infects Over 100 Million Google Play Store Downloads
A new Android malware strain named Goldoson has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads. An additional eight million installations have been tracked through ONE store, a leading third-party app...
SUSE CVE-2009-4975
Cross-site scripting XSS vulnerability in webview.cpp in QtDemoBrowser allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536...
SUSE CVE-2010-2536
Multiple cross-site scripting XSS vulnerabilities in rekonq 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 a URL associated with a nonexistent domain name, related to webpage.cpp, aka a "universal XSS" issue; 2 unspecified vectors related to webview.cpp; and t...