Описание
When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. This could lead to javascript code execution, url redirection, sensitive information disclosure. An attacker can exploit this issue by enticing an unsuspecting user to open a specific malicious URL.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:happypointcard:happypoint:6.3.19:*:*:*:*:android:*:*
EPSS
Процентиль: 54%
0.0031
Низкий
7.8 High
CVSS3
8.1 High
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-94
CWE-601
Связанные уязвимости
CVSS3: 8.1
github
больше 3 лет назад
When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. This could lead to javascript code execution, url redirection, sensitive information disclosure. An attacker can exploit this issue by enticing an unsuspecting user to open a specific malicious URL.
EPSS
Процентиль: 54%
0.0031
Низкий
7.8 High
CVSS3
8.1 High
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-94
CWE-601