CVE-2024-35298
4.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
Improper authorization in handler for custom URL scheme issue in 'ZOZOTOWN' App for Android versions prior to 7.39.6 allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device. As a result, the user may become a victim of a phishing attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ZOZO, Inc. | ‘ZOZOTOWN’ App for Android | prior to 7.39.6 | affected |
Weaknesses
- Improper authorization in handler for custom URL scheme
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.