CVE-2024-28895

2024-04-0101:15:46

[email protected]

web.nvd.nist.gov

yahoo! japan

android

ios

cross-site scripting

vulnerability

webview

arbitrary script

nvd

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

‘Yahoo! JAPAN’ App for Android v2.3.1 to v3.161.1 and ‘Yahoo! JAPAN’ App for iOS v3.2.2 to v4.109.0 contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the WebView of ‘Yahoo! JAPAN’ App via other app installed on the user’s device.

Affected configurations

Vulners

Node

ly_corporation\'yahoo\!_japan\'_app_for_androidRange2.3.1–3.161.1

ly_corporation\'yahoo\!_japan\'_app_for_iosRange3.2.2–4.109.0

CNA Affected

[
  {
    "vendor": "LY Corporation",
    "product": "'Yahoo! JAPAN' App for Android",
    "versions": [
      {
        "version": "v2.3.1 to v3.161.1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "LY Corporation",
    "product": "'Yahoo! JAPAN' App for iOS",
    "versions": [
      {
        "version": "v3.2.2 to v4.109.0",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN23528780/