| Max CVSS | 9.3 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-6636 | 6.8 |
The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded
|
28-07-2020 - 05:15 | 03-03-2014 - 04:50 | |
| CVE-2014-1939 | 7.5 |
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searc
|
26-05-2016 - 12:22 | 03-03-2014 - 04:50 | |
| CVE-2016-4783 | 4.3 |
Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."
|
25-05-2016 - 18:22 | 23-05-2016 - 19:59 | |
| CVE-2016-4782 | 9.3 |
Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack."
|
25-05-2016 - 18:20 | 23-05-2016 - 19:59 |