Lucene search
K

7 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/06/19 7:4 a.m.3 views

"ZOZOTOWN" App for Android fails to restrict custom URL schemes properly

Overview "ZOZOTOWN" App for Android provided by ZOZO, Inc. provides the function to access a URL requested via Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a use...

4.3CVSS6.8AI score0.00289EPSS
Exploits0References4
NVD
NVD
added 2024/06/19 5:15 a.m.18 views

CVE-2024-35298

Improper authorization in handler for custom URL scheme issue in 'ZOZOTOWN' App for Android versions prior to 7.39.6 allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device. As a result, the user may become a victim of a phishing...

4.3CVSS0.00289EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/19 5:7 a.m.24 views

CVE-2024-35298

Improper authorization in handler for custom URL scheme issue in 'ZOZOTOWN' App for Android versions prior to 7.39.6 allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device. As a result, the user may become a victim of a phishing...

0.00289EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/19 5:7 a.m.14 views

CVE-2024-35298

Improper authorization in handler for custom URL scheme issue in 'ZOZOTOWN' App for Android versions prior to 7.39.6 allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device. As a result, the user may become a victim of a phishing...

6.9AI score0.00289EPSS
Exploits0References1
CVE
CVE
added 2024/06/19 5:7 a.m.48 views

CVE-2024-35298

The CVE-2024-35298 entry is confirmed to affect the ZOZOTOWN Android app (versions prior to 7.39.6). The root cause is improper authorization in the handler for the Custom URL Scheme (CWE-939), which can be exploited to direct the app to access arbitrary websites through another application on th...

4.3CVSS6.9AI score0.00289EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/19 12:0 a.m.4 views

ZOZOTOWN Security Vulnerability

ZOZOTOWN is a fashion shopping application from the Japanese company ZOZO. A security vulnerability exists in ZOZOTOWN versions prior to 7.39.6, which stems from improper authorization in the Custom URL Scheme issue handler and allows an attacker to direct a user to an arbitrary website via anoth...

4.3CVSS6.8AI score0.00289EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/06/19 12:0 a.m.16 views

JVN#37818611: "ZOZOTOWN" App for Android fails to restrict custom URL schemes properly

"ZOZOTOWN" App for Android provided by ZOZO, Inc. provides the function to access a URL requested via Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to acce...

4.3CVSS4.6AI score0.00289EPSS
Exploits0
Rows per page
Query Builder