The TripAdvisor app with the versions before TAMobileApp-24.6.4 pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specific URL and execute malicious code contained in the URL.
References
Link | Resource |
---|---|
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180130-01-tripadvisor-en | Vendor Advisory |
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180130-01-tripadvisor-en | Vendor Advisory |
Configurations
History
21 Nov 2024, 03:17
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180130-01-tripadvisor-en - Vendor Advisory |
Information
Published : 2018-03-09 17:29
Updated : 2024-11-21 03:17
NVD link : CVE-2017-17226
Mitre link : CVE-2017-17226
CVE.ORG link : CVE-2017-17226
JSON object : View
Products Affected
tripadvisor
- tamobileapp
CWE
CWE-20
Improper Input Validation