PT-2024-21332 · Unknown · Focus for iOS
James Lee · Published 2024-02-22 · Updated 2024-12-31
CVE-2024-26284
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Focus for iOS versions prior to 123
Description
This issue allows an attacker to conduct a Universal Cross-Site Scripting (UXSS) attack on a victim website using a 302 redirect, provided the victim has a link to the attacker's website.
Recommendations
For Focus for iOS versions prior to 123, update to version 123 or later to resolve the issue. As a temporary workaround, consider restricting links to untrusted websites to minimize the risk of exploitation.
Exploit
Fix
XSS
Affected Products
Focus for iOS