CVE-2024-28895

Summary

'Yahoo! JAPAN' App for Android v2.3.1 to v3.161.1 and 'Yahoo! JAPAN' App for iOS v3.2.2 to v4.109.0 contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the WebView of 'Yahoo! JAPAN' App via other app installed on the user's device.

Affected Software

VendorProductVersion RangeStatus
LY Corporation‘Yahoo! JAPAN’ App for Androidv2.3.1 to v3.161.1affected
LY Corporation‘Yahoo! JAPAN’ App for iOSv3.2.2 to v4.109.0affected

Weaknesses

  • Cross-site scripting (XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References