3165 | Universal XSS in Android WebView (CVE-2020-6506) | Universal XSS | Google, Microsoft, Twitter | Alesandro Ortiz (@AlesandroOrtizR) | Bug Bounty | 2020-09-10 | 2023-06-13 |
1703 | When Equal is Not, Another WebView Takeover Story | Android | NA | Dimitrios Valsamaras (@Ch0pin) | Bug Bounty | 2022-03-22 | 2023-06-13 |
1250 | Identity Confusion in WebView-based Mobile App-in-app Ecosystems | Android, iOS | Alipay | Lei Zhang, Zhibo Zhang, Ancong Liu, Yinzhi Cao, Xiaohan Zhang, Yanjun Chen, Yuan Zhang, Guangliang Yang & Min Yang | Bug Bounty | 2022-08-11 | 2023-06-13 |
773 | WebView XSS, account takeover | Webview XSS, Android, Account takeover, Improper Export of Android Application Components | NA | shafou | Bug Bounty | 2022-11-26 | 2023-06-13 |
764 | Multiple Vulnerabilities found in Airtel Android Application | Arbitrary Code Execution, URL validation bypass, Symlink attack, XSS, Android, Webview | Airtel, Google | Gaurang Bhatnagar (@hax0rgb) | Bug Bounty | 2022-11-27 | 2023-06-13 |
584 | 2022 Microsoft Teams RCE | RCE, Insecure deeplink, Webview | Microsoft | @adm1nkyj1 | Bug Bounty | 2023-01-16 | 2023-06-13 |
427 | Escaping misconfigured VSCode extensions | Path traversal, DNS rebinding, XSS, HTML injection, Webview, CSP bypass | Microsoft (SARIF viewer & Live Preview) | Vasco Franco | Bug Bounty | 2023-02-21 | 2023-06-13 |
403 | Escaping well-configured VSCode extensions (for profit) | Electron, Webview, Path traversal | Microsoft | Vasco Franco | Bug Bounty | 2023-02-23 | 2023-06-13 |
216 | Steal authentication token with one-click on misconfigured WebView. | Android, Webview, Account takeover | NA | Kerolos A. Saber (@0xWise) | Bug Bounty | 2023-04-08 | 2023-06-13 |