CVE-2023-29459

MEDIUM Year: 2023
CVSS v3 Score
6.1
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application's webview, thus allowing the loading of arbitrary content into the context of the application. This can occur via the fcrbs schema or an explicit intent invocation.

Related Vulnerabilities

CVE-2021-1380

MEDIUM
CVSS:6.1(Medium)

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P...

CWE-892021

CVE-2021-1407

MEDIUM
CVSS:6.1(Medium)

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P...

CWE-892021

CVE-2021-1408

MEDIUM
CVSS:6.1(Medium)

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P...

CWE-892021

CVE-2021-1409

MEDIUM
CVSS:6.1(Medium)

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P...

CWE-892021

CVE-2022-29652

MEDIUM
CVSS:6.1(Medium)

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=save_client.

CWE-892022

CVE-2023-32115

MEDIUM
CVSS:6.1(Medium)

An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.

CWE-892023