AI Score
Confidence
Low
EPSS
Percentile
9.1%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access token could be used to take over another userβs account and read her/his chat messages.