Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/23 12:0 a.m.39 views

JVN#19578958: Symfony vulnerable to code injection

Symfony is an open source web application framework provided by SensioLabs. Symfony contains a code injection vulnerability. Applications with ESI support enabled and using the Symfony built-in reverse proxy the HttpCache class are affected. Impact Arbitrary PHP code may be executed on the server...

6.8CVSS6.4AI score0.01365EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/05/14 12:0 a.m.39 views

JVN#18957556: Cacti vulnerable to SQL injection

Cacti is a web application that graphs stored data collected from network devices. Cacti contains a SQL injection vulnerability due to a flaw in processing user input values for 'localgraphid' in graph.php. Impact Arbitrary SQL queries may be injected in the back-end database by a remote...

6.5CVSS6.5AI score0.01084EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/02/20 12:0 a.m.39 views

JVN#93318392: AL-Mail32 vulnerable to buffer overflow

AL-Mail32 provided by CREAR Corporation is an email client for Windows. AL-Mail32 contains a buffer overflow vulnerability due to a flaw in processing attachments. Impact When an attachment with specially crafted file name is processed, arbitrary code may be executed. Solution Update the Software...

6.8CVSS7.2AI score0.02676EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/02/13 12:0 a.m.39 views

JVN#48659722: Smartphone Passbook for Android information management vulnerability

Smartphone Passbook for Android contains an issue where user inputs are output into a log file. Impact Other android applications with permissions to read system log files may obtain information entered by a user. Solution Update the Software Update to the latest version according to the...

1.8CVSS6.2AI score0.00401EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/12/18 12:0 a.m.39 views

JVN#76515134: WBS Gantt-Chart for JIRA vulnerable to cross-site scripting

WBS Gantt-Chart for JIRA provided by Ricksoft Inc. is an add-on for JIRA which provides WBS Work Breakdown Structure and Gantt-Chart features. WBS Gantt-Chart for JIRA contains a flaw in exporting data, which may lead to cross-site scripting CWE-79. Impact An arbitrary script may be executed on t...

4.3CVSS5.7AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/12/09 12:0 a.m.39 views

JVN#89613370: i-HTTPD vulnerable to cross-site scripting

i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in generating a directory index page, which may lead to a cross-site scripting CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use i-HTTPD i-HTTPD is no longer being developed or maintained...

4.3CVSS5.8AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/12/04 12:0 a.m.39 views

JVN#24909891: Kaku-San-Sei Million Arthur for Android information management vulnerability

Kaku-San-Sei Million Arthur provided by SQUARE ENIX CO., LTD. is a gaming application. Kaku-San-Sei Million Arthur for Android contains an information management vulnerability. Impact Android applications with permissions to read information stored on SD cards may obtain product credentials...

5CVSS6.2AI score0.00982EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/06/24 12:0 a.m.39 views

JVN#05329568: Login rebuilder vulnerable to cross-site request forgery

Login rebuilder is a plugin for WordPress. Login rebuilder contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Update the Software Update to the latest version according to the information...

6.8CVSS6.1AI score0.01076EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/03/17 12:0 a.m.39 views

JVN#16263849: Demaecan for Android. contains an issue where it fails to verify SSL server certificates

Demaecan for Android. contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...

5.8CVSS6.2AI score0.00587EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/11/20 12:0 a.m.39 views

JVN#61077110: EC-CUBE vulnerable to information disclosure

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in processing the output of error logs, which may lead to information disclosure. Impact A user who visits the shopping site may view the information managed by the website owner...

4.3CVSS6AI score0.01309EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/10/04 12:0 a.m.39 views

JVN#33788325: Accela BizSearch vulnerable to cross-site scripting

Accela BizSearch provided by Accela Technology Corporation is an enterprise search system. Accela BizSearch contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply a patch Apply the patch according to the information...

4.3CVSS6AI score0.01792EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/09/06 12:0 a.m.39 views

JVN#72911629: VMware ESX and ESXi vulnerable to directory traversal

VMware ESX and ESXi contains a directory traversal vulnerability. Impact A remote attacker may delete arbitrary files on the host operating system. Solution Apply an Update Apply the latest update for the version of the software being used. Products Affected VMware ESXi 5.0 without patch...

9.4CVSS6.8AI score0.03687EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/05/31 12:0 a.m.39 views

JVN#53579095: FileMaker Pro vulnerable to cross-site scripting

FileMaker Pro contains an "Instant Web Publishing" function. When this function is enabled, FileMaker Pro is vulnerable to cross-scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the software Upgrade to the latest version according to the informatio...

4.3CVSS6AI score0.01792EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/09/27 12:0 a.m.39 views

JVN#42014489: Trend Micro Control Manager vulnerable to SQL injection

Trend Micro Control Manager contains a vulnerability in the ad hoc query module, which may result in SQL injection. Impact An arbitrary SQL command may be executed in the backend database the product is referencing. Solution Apply a patch Apply the appropriate patch according to the information...

7.5CVSS6.6AI score0.06089EPSS
Exploits5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/06/14 12:0 a.m.39 views

JVN#90751882: Dolphin Browser vulnerable in the WebView class

Dolphin Browser is a web browser for Android devices. Dolphin Browser HD and Dolphin for Pad contain a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Upda...

4.3CVSS6.2AI score0.01066EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/09/02 12:0 a.m.39 views

JVN#71435255: Multiple vulnerabilities in Phorum

Phorum is a message board software. Phorum contains cross-site request forgery and cross-site scripting vulnerabilities. Impact An arbitrary file may be uploaded or an arbitrary script may be executed on the web browser of a user that is logged in. Solution Update the software Update to the lates...

6.8CVSS5.8AI score0.01042EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/07/28 12:0 a.m.39 views

JVN#36721438: Mozilla Firefox vulnerability in processing content-length header

Mozilla Firefox contains a vulnerability in the processing of content-length header. Impact When a malicious website is viewed, a script may be injected within a response from another domain. Solution Update the software Update to the latest version according to the information provided by the...

8.8CVSS8.5AI score0.01111EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/06/24 12:0 a.m.39 views

JVN#55508059: Cybozu Office vulnerable to cross-site scripting

Cybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability due to issues contained in the address book and user list functions. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Update the software Update to the late...

4.3CVSS5.8AI score0.01263EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/06/10 12:0 a.m.39 views

JVN#09206238: Java Web Start may insecurely load settings files

Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the file search path, which may insecurely load settings files. Impact An attacker may execute arbitrary code with t...

7.6CVSS8.7AI score0.02437EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/05/10 12:0 a.m.39 views

JVN#37878530: EC-CUBE vulnerable to cross-site request forgery

EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, information stored within EC-CUBE may be altered. Solution Update the Software Apply t...

5.8CVSS6AI score0.0061EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/04/11 12:0 a.m.39 views

JVN#55714408: Multiple Yamaha routers vulnerable to denial-of-service (DoS)

Multiple routers provided by Yamaha contain a denial-of-service DoS vulnerability due to an issue in processing IP packets. Impact A remote attacker may cause a denial-of-service DoS. Solution Update the firmware Update to the latest version of firmware according to the information provided by th...

7.8CVSS6.4AI score0.01633EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/04/08 12:0 a.m.39 views

JVN#11424086: Password Vault Web Access vulnerable to cross-site scripting

Password Vault Web Access PVWA is a module in the Privileged Identity Management Suite that allows access via a web portal. PVWA contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Apply a patch Apply t...

4.3CVSS5.8AI score0.01053EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/01/26 12:0 a.m.39 views

JVN#54092716: MODx Evolution vulnerable to SQL injection

MODx provided by the MODx CMS Project is a Content Management System CMS software. MODx Evolution contains SQL injection vulnerability. Impact A remote attacker may execute arbitrary PHP code as a result of SQL injection. Solution Update the software Update to the latest version according to the...

7.5CVSS8.2AI score0.01725EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/12/15 12:0 a.m.39 views

JVN#33301529: Internet Explorer vulnerable to cross-site scripting

Microsoft Internet Explorer contains a vulnerability in handling specific ISO-2022-JP encoded characters, which may result in cross-site scripting. Impact An arbitrary script may be executed. Solution Update the Software Apply the latest update according to the information provided by Microsoft...

4.3CVSS5.7AI score0.13615EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/10/22 12:0 a.m.39 views

JVN#50610528: Sleipnir and Grani may insecurely load dynamic libraries

Sleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani loads certain DLL's when HTML files are opened. Sleipnir and Grani contain an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact An attacker may execute arbitrary code with the...

6.9CVSS7.2AI score0.00287EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/11/19 12:0 a.m.39 views

JVN#87341298 Redmine vulnerable to cross-site request forgery

Redmine is a project management software. Redmine contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into Redmine, an arbitrary ticket may be deleted. Solution Update the Software Update to the latest version according to the information...

6.8CVSS6.2AI score0.00719EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/05/29 12:0 a.m.39 views

JVN#70836284 IMG-BBS from MT312 vulnerable to cross-site scripting

IMG-BBS from MT312, is a web log system that supports posting picture files via email from a mobile phone. IMG-BBS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update the software to the latest...

4.3CVSS6AI score0.01033EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/04/27 12:0 a.m.39 views

JVN#76370393 FORM2MAIL from CGI RESCUE allows unauthorized email transmission

FORM2MAIL from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. FORM2MAIL contains a vulnerability which allows unauthorized email transmission regardless of the configuration. Impact A remote attacker may send emails to arbitrary addresses. Solution Updat...

5CVSS6.3AI score0.01222EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/01/20 12:0 a.m.39 views

JVN#93431860 Oracle WebLogic Server vulnerable to cross-site scripting

Oracle WebLogic Server is an application server based on Java Platform Enterprise Edition 5 JavaEE5. Oracle WebLogic Server contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest updates...

6.8CVSS5.8AI score0.01434EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/08/21 12:0 a.m.39 views

JVN#53886050 Vulnerability in La!cooda WIZ and LacoodaST allowing an arbitrary PHP script execution

La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a vulnerability which may allow a malicious user to execute an arbitrary PHP script on the server. Impact If an arbitrary...

10CVSS6.9AI score0.0266EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/02/14 12:0 a.m.39 views

JVN#14243645 Adobe JRun cross-site scripting vulnerability

Impact An arbitrary script may be executed on the browser of the administrator logged into Adobe JRun. In addition, if session information from a cookie is leaked, an remote attacker could possibly conduct session hijacking. Solution Products Affected Adobe JRun 4.0 ColdFusion MX 6.1 Enterprise...

4.3CVSS6.4AI score0.0319EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/06/14 12:0 a.m.39 views

JVN#74969119 Microsoft Internet Explorer address bar spoofing vulnerability

Impact An user could be navigated to visit an untrusted malicous website even though the user intends to visit a trusted website. Therefore an attacker could possibly conduct a physing attack. Solution Products Affected Microsoft Internet Explorer For more information, refer to the vendor's websi...

4.3CVSS6.2AI score0.19154EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/04/26 12:0 a.m.39 views

JVN#72225922 Apache Struts Validator allows to bypass input data validation

Impact Depending on the web application, an attacker may be able to manipulate unexpected operations by bypassing validation of input data. For example, unintended format data may be saved. Solution Products Affected Apache Struts 1.2.8 and earlier...

7.5CVSS7.4AI score0.06142EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2005/12/15 12:0 a.m.39 views

JVN#06045169 mod_imap cross-site scripting vulnerability

Impact A remote attacker could execute a malicious script on the web browser of a user who accessed a web page where modimap or modimagemap is used. Solution Products Affected For more information, refer to the vendor's website...

4.3CVSS9.4AI score0.73692EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2005/10/11 12:0 a.m.39 views

JVN#23632449: OpenSSL version rollback vulnerability

Impact When performing communication through a path controlled by an attacker using OpenSSL, the attacker conducting a man-in-the-middle MITM attack can force a client and a server to negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0 to intercept or alter data...

5CVSS5.5AI score0.04866EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2005/08/04 12:0 a.m.39 views

JVN#38138980 Hiki cross-site scripting vulnerability

Impact A remote attacker could create a content containing attacking code and take over a session by stealing the session ID of the user who logged into the system. If the user logged into the system as the administrator, the remote attacker could manipulate configurations. Solution Products...

4.3CVSS6.5AI score0.01235EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/08/27 12:0 a.m.39 views

JVN#24885537: Multiple vulnerabilities in ELECOM wireless LAN routers and access points

Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site scripting vulnerability due to an improper processing of input values in easysetup.cgi and menu.cgi CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score...

9.8CVSS6.6AI score0.00943EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/04/16 12:0 a.m.38 views

JVN#23835228: Proscend Communications M330-W and M330-W5 vulnerable to OS command injection

M330-W and M330-W5 provided by Proscend Communications Inc. are LTE Industrial Cellular Routers. M330-W and M330-W5 contain an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed by an attacker who has access to the product. Solution Update the firmware The...

9.8CVSS8.3AI score0.02311EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/01/24 12:0 a.m.38 views

JVN#70818619: "Mercari" App for Android fails to restrict custom URL schemes properly

"Mercari" App for Android by Mercari, Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an...

6.1CVSS6.2AI score0.00385EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/12/01 12:0 a.m.38 views

JVN#45891816: Ruckus Access Point vulnerable to cross-site scripting

Ruckus Access Point provided by CommScope, Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in the product. Solution Update the Software Update the software to the latest version according to the...

6.1CVSS6.1AI score0.00414EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/11/17 12:0 a.m.38 views

JVN#13618065: Redmine vulnerable to cross-site scripting

Redmine contains a cross-site scripting vulnerability CWE-79 due to improper character string processing. Impact An arbitrary script may be executed on the web browser of the user who is using the product. Solution Update the Software Update the software to the latest version according to the...

6.1CVSS6AI score0.00397EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/21 12:0 a.m.38 views

JVN#98946408: WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting

WordPress Plugin "Advanced Custom Fields" provided by WP Engine contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the product with the editor or higher privilege. Solution Update the plugin Update t...

5.4CVSS5.7AI score0.0148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/24 12:0 a.m.38 views

JVN#35246979: ELECOM WAB-MAT registers its windows service executable with an unquoted file path

WAB-MAT provided by ELECOM CO.,LTD. is Access Point Management Tool for corporate users. WAB-MAT registers its windows service executable with an unquoted file path CWE-428. Impact If a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service...

7.3CVSS7.2AI score0.00198EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/12/19 12:0 a.m.38 views

JVN#13075438: Corel Roxio Creator LJB starts a program with an unquoted file path

Roxio Creator LJB provided by Corel Corporation starts another program with an unquoted file path CWE-428. Impact Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of t...

6.7CVSS6.4AI score0.00431EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/27 12:0 a.m.38 views

JVN#81563390: "Hulu / フールー" App for iOS vulnerable to improper server certificate verification

"Hulu / フールー" App for iOS provided by HJ Holdings, Inc. is vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the application Update the application to the latest versi...

4.8CVSS4.7AI score0.00203EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/29 12:0 a.m.38 views

JVN#41017328: HOME SPOT CUBE2 vulnerable to OS command injection

HOME SPOT CUBE2 provided by KDDI CORPORATION contains an OS command injection vulnerability CWE-78 due to improper processing of data received from DHCP server. Impact An arbitrary OS command may be executed on the product if a malicious DHCP server is placed on the WAN side of the product...

8.8CVSS8.9AI score0.00939EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/10 12:0 a.m.38 views

JVN#60801132: GENEREX RCCMD vulnerable to directory traversal

RCCMD provided by GENEREX SYSTEMS Computervertriebsgesellschaft mbH contains a directory traversal vulnerability CWE-22. Impact Arbitrary files on the server may be viewed or altered by an attacker. Solution Update the software Update the software to the latest version according to the informatio...

6.5CVSS6.4AI score0.01445EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/09 12:0 a.m.38 views

JVN#50337155: KOYO Electronics Screen Creator Advance2 vulnerable to authentication bypass

Screen Creator Advance2 provided by KOYO ELECTRONICS INDUSTRIES CO., LTD. is a screen development tool for KOYO ELECTRONICS's HMI. Screen Creator Advance2 contains an authentication bypass vulnerability CWE-807 due to the improper check for the Remote control setting's account names. Impact An...

7CVSS7.2AI score0.00209EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/13 12:0 a.m.38 views

JVN#81479705: Label printers "TEPRA" PRO SR5900P / SR-R7900P vulnerable to insufficiently protected credentials

Label printers "TEPRA" PRO SR5900P / SR-R7900P provided by KING JIM CO.,LTD. contain an insufficiently protected credentials vulnerability CWE-522. Impact An attacker who can access the products via network may obtain credentials to connect to the Wi-Fi access point with the infrastructure mode...

4.3CVSS4.4AI score0.00342EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/12/22 12:0 a.m.38 views

JVN#66422035: Android Apps developed using Yappli fails to restrict custom URL schemes properly

Yappli provided by Yappli, Inc. is an application development platform. Android Apps that are developed with Yappli provide the function to access a requested URL using Custom URL Scheme. The access to the function is not restricted properly CWE-939 which may be exploited to direct the App to...

8.1CVSS7.8AI score0.00842EPSS
Exploits0
Total number of security vulnerabilities5000