
WS-2023-0183
Date: June 22, 2023
Brave iOS has two weaknesses, described below. By combining them, XSS can be achieved on the privileged origin internal://local.

First issue - Exposure of uuidKey through REFERER header
Reader mode in Brave has two HTML templates, Reader.html and ReaderViewLoading.html. The former template defines a <meta name="referrer" content="never"> tag to prevent referrer leakage, but the latter template does not. Therefore, when an external page is opened through ReaderViewLoading.html, the uuidKey contained in the Reader mode page URL is leaked.

Second issue - XSS in SessionRestoreHandler
SessionRestoreHandler is used to restore a previously used tab, but it does not validate the URL to be restored. Therefore, if a javascript: URL is provided, the code is executed on the internal: domain.
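
The check missing in the second issue can be sketched as a scheme allowlist applied before a restored URL reaches the web view. This is an added example, not Brave's code: `validatedRestoreURL` and `restorableSchemes` are hypothetical names, the sample inputs are constructed, and it assumes only http and https pages are legitimate restore targets.

```swift
import Foundation

// Assumption: only ordinary web pages are valid restore targets.
let restorableSchemes: Set<String> = ["http", "https"]

/// Hypothetical helper: returns the URL if it is safe to restore, otherwise nil.
/// An allowlist is used instead of a denylist, so javascript:, data:, the
/// internal scheme and any scheme not listed are all rejected by default.
func validatedRestoreURL(_ raw: String) -> URL? {
    // Drop surrounding whitespace so a padded value is judged by its real scheme.
    let trimmed = raw.trimmingCharacters(in: .whitespacesAndNewlines)

    guard let components = URLComponents(string: trimmed),
          // Schemes are case-insensitive, so compare in lowercase.
          let scheme = components.scheme?.lowercased(),
          restorableSchemes.contains(scheme),
          // A web URL without a host is not a page that could have been open in a tab.
          let host = components.host, !host.isEmpty,
          let url = components.url
    else {
        return nil
    }
    return url
}

// Constructed sample inputs, not taken from the advisory.
let samples = [
    "https://example.com/article",
    "  https://example.com/padded  ",
    "javascript:alert(document.domain)",
    "JaVaScRiPt:alert(1)",
    "data:text/html,hello",
    "internal://local/",
    "https:///no-host",
]

for sample in samples {
    let verdict = validatedRestoreURL(sample) == nil ? "reject" : "allow"
    print("\(verdict)\t\(sample)")
}
```

Only the first two samples are allowed. The mixed-case javascript: value is rejected because the scheme is lowercased before the allowlist lookup.
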
Language: Swift
Severity Score
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79

CVSS v3.1

Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |