CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5739
https://notcve.org/view.php?id=CVE-2024-5739
The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app browser. The in-app browser is usually opened by tapping on URLs contained in chat messages, and for the attack to be successful, the victim must trigger a click event on a malicious iframe. If an iframe embedded in any website can be controlled by an attacker, this vulnerability could be exploited to capture or alter content displayed in the top frame, as well as user session information. This vulnerability affects LINE client for iOS versions below 14.9.0 and does not affect other LINE clients such as LINE client for Android. • https://hackerone.com/reports/2284129 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22302 – WordPress Albo Pretorio Online Plugin <= 4.6.6 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2024-22302
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignazio Scimone Albo Pretorio On line allows Stored XSS.This issue affects Albo Pretorio On line: from n/a through 4.6.6. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en Ignazio Scimone Albo Pretorio On line permite XSS almacenado. Este problema afecta a Albo Pretorio On line: desde n/a hasta 4.6.6. The Albo Pretorio Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting parameter in versions up to, and including, 4.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2968
https://notcve.org/view.php?id=CVE-2015-2968
LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker. LINE@ para Android versión 1.0.0 y LINE@ para iOS versión 1.0.0 son vulnerables al ataque MITM (man-in-the-middle) ya que la aplicación permite comunicaciones que no sean SSL/TLS. Como resultado, cualquier API puede ser invocada desde un script inyectado por un atacante MITM (man-in-the-middle). • http://official-blog.line.me/ja/archives/36495925.html https://jvn.jp/en/jp/JVN22546110 • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0897
https://notcve.org/view.php?id=CVE-2015-0897
LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker. LINE para Android versión 5.0.2 y anteriores y LINE para iOS versión 5.0.0 y anteriores son vulnerables a ataques MITM (man-in-the-middle) ya que la aplicación permite comunicaciones que no sean SSL/TLS. Como resultado, cualquier API puede ser invocada desde un script inyectado por un atacante MITM (man-in-the-middle). • http://official-blog.line.me/ja/archives/24809761.html https://jvn.jp/en/jp/JVN41281927 • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39040
https://notcve.org/view.php?id=CVE-2023-39040
An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Una fuga de información en Cheese Cafe Line v13.6.1 permite a los atacantes obtener el token de acceso al canal y enviar mensajes manipulados. • http://cheese.com https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39040.md • CWE-668: Exposure of Resource to Wrong Sphere •