‘Yahoo! JAPAN’ App for Android v2.3.1 to v3.161.1 and ‘Yahoo! JAPAN’ App for iOS v3.2.2 to v4.109.0 contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the WebView of ‘Yahoo! JAPAN’ App via other app installed on the user’s device.
[
{
"vendor": "LY Corporation",
"product": "'Yahoo! JAPAN' App for Android",
"versions": [
{
"version": "v2.3.1 to v3.161.1",
"status": "affected"
}
]
},
{
"vendor": "LY Corporation",
"product": "'Yahoo! JAPAN' App for iOS",
"versions": [
{
"version": "v3.2.2 to v4.109.0",
"status": "affected"
}
]
}
]