PT-2024-15684 · Facebook · Focus For Ios
James Lee · Published 2024-01-22 · Updated 2024-01-30
CVE-2024-0606
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Focus for iOS versions prior to 122
Description
The issue allows an attacker to execute unauthorized scripts on a legitimate site through UXSS (Universal Cross-Site Scripting) by using the window.open() function to open a JavaScript URI. This leads to unauthorized actions within the user's loaded webpage.
Recommendations
For Focus for iOS versions prior to 122, update to version 122 or later to resolve the issue. As a temporary workaround, consider restricting the use of the window.open() function with JavaScript URIs to minimize the risk of exploitation.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Focus For Ios