Описание
The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content.
Ссылки
- Permissions RequiredThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 14.14.0 (исключая)
cpe:2.3:a:linecorp:line:*:*:*:*:*:iphone_os:*:*
EPSS
Процентиль: 8%
0.00029
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-451
Связанные уязвимости
CVSS3: 4.3
github
около 2 месяцев назад
The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content.
EPSS
Процентиль: 8%
0.00029
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-451