CVE-2024-9285
Tu Yafeng Via Browser Javascript Bridge cross site scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
A vulnerability was found in Tu Yafeng Via Browser up to 5.9.0 on Android. It has been rated as problematic. This issue affects some unknown processing of the component Javascript Bridge. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
Eine Schwachstelle wurde in Tu Yafeng Via Browser bis 5.9.0 für Android ausgemacht. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Komponente Javascript Bridge. Mittels dem Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. Als bestmögliche Massnahme wird Patching empfohlen.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-09-27 CVE Reserved
- 2025-02-27 CVE Published
- 2025-02-27 CVE Updated
- 2025-02-27 First Exploit
- 2025-03-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://modzero.com/en/advisories/mz-25-01-via-browser | Related |
| URL | Date | SRC |
|---|---|---|
| https://modzero.com/static/MZ-25-01_modzero_uXSS-in-Via-Browser.pdf | 2025-02-27 | |
| https://vuldb.com/?id.297863 | 2025-02-27 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tu Yafeng Search vendor "Tu Yafeng" | Via Browser Search vendor "Tu Yafeng" for product "Via Browser" | 5.0 Search vendor "Tu Yafeng" for product "Via Browser" and version "5.0" | en |
Affected
| ||||||
| Tu Yafeng Search vendor "Tu Yafeng" | Via Browser Search vendor "Tu Yafeng" for product "Via Browser" | 5.1 Search vendor "Tu Yafeng" for product "Via Browser" and version "5.1" | en |
Affected
| ||||||
| Tu Yafeng Search vendor "Tu Yafeng" | Via Browser Search vendor "Tu Yafeng" for product "Via Browser" | 5.2 Search vendor "Tu Yafeng" for product "Via Browser" and version "5.2" | en |
Affected
| ||||||
| Tu Yafeng Search vendor "Tu Yafeng" | Via Browser Search vendor "Tu Yafeng" for product "Via Browser" | 5.3 Search vendor "Tu Yafeng" for product "Via Browser" and version "5.3" | en |
Affected
| ||||||
| Tu Yafeng Search vendor "Tu Yafeng" | Via Browser Search vendor "Tu Yafeng" for product "Via Browser" | 5.4 Search vendor "Tu Yafeng" for product "Via Browser" and version "5.4" | en |
Affected
| ||||||
| Tu Yafeng Search vendor "Tu Yafeng" | Via Browser Search vendor "Tu Yafeng" for product "Via Browser" | 5.5 Search vendor "Tu Yafeng" for product "Via Browser" and version "5.5" | en |
Affected
| ||||||
| Tu Yafeng Search vendor "Tu Yafeng" | Via Browser Search vendor "Tu Yafeng" for product "Via Browser" | 5.6 Search vendor "Tu Yafeng" for product "Via Browser" and version "5.6" | en |
Affected
| ||||||
| Tu Yafeng Search vendor "Tu Yafeng" | Via Browser Search vendor "Tu Yafeng" for product "Via Browser" | 5.7 Search vendor "Tu Yafeng" for product "Via Browser" and version "5.7" | en |
Affected
| ||||||
| Tu Yafeng Search vendor "Tu Yafeng" | Via Browser Search vendor "Tu Yafeng" for product "Via Browser" | 5.8 Search vendor "Tu Yafeng" for product "Via Browser" and version "5.8" | en |
Affected
| ||||||
| Tu Yafeng Search vendor "Tu Yafeng" | Via Browser Search vendor "Tu Yafeng" for product "Via Browser" | 5.9 Search vendor "Tu Yafeng" for product "Via Browser" and version "5.9" | en |
Affected
| ||||||