Refine your search
3 vulnerabilities found for applican by Newphoria Corporation
jvndb-2015-000178
Vulnerability from jvndb
Published
2015-11-17 14:20
Modified
2015-11-24 18:03
Summary
applican vulnerable to script injection
Details
applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in processing SSID.
Note that this vulnerability is different from JVN#64625488.
Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000178.html",
"dc:date": "2015-11-24T18:03+09:00",
"dcterms:issued": "2015-11-17T14:20+09:00",
"dcterms:modified": "2015-11-24T18:03+09:00",
"description": "applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in processing SSID.\r\n\r\nNote that this vulnerability is different from JVN#64625488.\r\n\r\nKenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000178.html",
"sec:cpe": {
"#text": "cpe:/a:newphoria_corporation:applican",
"@product": "applican",
"@vendor": "Newphoria Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000178",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN71088919/index.html",
"@id": "JVN#71088919",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7771",
"@id": "CVE-2015-7771",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7771",
"@id": "CVE-2015-7771",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "applican vulnerable to script injection"
}
jvndb-2015-000179
Vulnerability from jvndb
Published
2015-11-17 14:20
Modified
2015-11-24 18:03
Summary
applican vulnerable to script injection
Details
applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in proccessing URL.
Note that this vulnerability is different from JVN#71088919.
Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000179.html",
"dc:date": "2015-11-24T18:03+09:00",
"dcterms:issued": "2015-11-17T14:20+09:00",
"dcterms:modified": "2015-11-24T18:03+09:00",
"description": "applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in proccessing URL.\r\n\r\nNote that this vulnerability is different from JVN#71088919.\r\n\r\nKenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000179.html",
"sec:cpe": {
"#text": "cpe:/a:newphoria_corporation:applican",
"@product": "applican",
"@vendor": "Newphoria Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000179",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN64625488/index.html",
"@id": "JVN#64625488",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7772",
"@id": "CVE-2015-7772",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7772",
"@id": "CVE-2015-7772",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "applican vulnerable to script injection"
}
jvndb-2015-000130
Vulnerability from jvndb
Published
2015-09-16 16:58
Modified
2015-10-14 16:30
Summary
applican vulnerable to URL whitelist bypass
Details
applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican provides a whitelisting function (whitelist.xml) to limit the URLs that applications can access. However, if the application is launched using the URL-scheme, the access restriction is bypassed and URLs that are not whitelisted can be accessed. If an API of applican framework is specified in the URL, the API will be called in the context of the URL.
Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000130.html",
"dc:date": "2015-10-14T16:30+09:00",
"dcterms:issued": "2015-09-16T16:58+09:00",
"dcterms:modified": "2015-10-14T16:30+09:00",
"description": "applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican provides a whitelisting function (whitelist.xml) to limit the URLs that applications can access. However, if the application is launched using the URL-scheme, the access restriction is bypassed and URLs that are not whitelisted can be accessed. If an API of applican framework is specified in the URL, the API will be called in the context of the URL.\r\n\r\nKenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000130.html",
"sec:cpe": {
"#text": "cpe:/a:newphoria_corporation:applican",
"@product": "applican",
"@vendor": "Newphoria Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000130",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN73346595/index.html",
"@id": "JVN#73346595",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5632",
"@id": "CVE-2015-5632",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5632",
"@id": "CVE-2015-5632",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "applican vulnerable to URL whitelist bypass"
}