CVE-2024-31974

MEDIUM Year: 2024
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-94
View all →

Vulnerability Description

The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately sanitize the URI or any extra data passed in the intent by any installed application (with no permissions).

Related Vulnerabilities

CVE-2017-18468

MEDIUM
CVSS:6.3(Medium)

cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232).

CWE-942017

CVE-2018-20931

MEDIUM
CVSS:6.3(Medium)

cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).

CWE-942018

CVE-2019-1577

MEDIUM
CVSS:6.3(Medium)

Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML.

CWE-942019

CVE-2020-11056

MEDIUM
CVSS:6.3(Medium)

In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has...

CWE-942020

CVE-2023-26877

MEDIUM
CVSS:6.3(Medium)

File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute arbitrary code via a .php file upload to the form/efms_exec_html/file_upload_parser.php endpoint.

CWE-942023

CVE-2023-27897

MEDIUM
CVSS:6.3(Medium)

In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an ...

CWE-942023