Cross-site scripting (XSS) vulnerability in the RSS feed reader functionality in Lunascape 4.1.3 build2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5.7AI Score
0.006EPSS
Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing...
6.8AI Score
0.001EPSS
Untrusted search path vulnerability in Lunascape before 6.4.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
6.7AI Score
0.0004EPSS
Untrusted search path vulnerability in the script function in Lunascape before 6.4.3 allows local users to gain privileges via a Trojan horse executable file in the current working directory.
6.6AI Score
0.0004EPSS
The iLunascape application 1.0.4.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive stored information via a crafted application.
6.1AI Score
0.004EPSS