PT-2021-14311 · Yappli · Yappli
Ryotak
·
Published
2021-12-28
·
Updated
2022-01-12
·
CVE-2021-20873
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
Yappli versions 7.3.6 through 9.29.9
Description:
The issue concerns improper authorization in the Custom URL Scheme handler. When exploited, it may direct users to unintended sites via a specially crafted URL.
Recommendations:
For Yappli versions 7.3.6 through 9.29.9, update to version 9.30.0 or later to resolve the issue.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Yappli