
CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Jun 2024 — The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app browser. The in-app browser is usually opened by tapping on URLs contained in chat messages, and for the attack to be successful, the victim must trigger a click event on a malicious iframe. If an iframe embedded in ... • https://hackerone.com/reports/2284129 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')