Cross Site Scripting in LINE Client for iOS
CVE-2021-36214

6.1MEDIUM

Key Information:

Vendor

Line Corporation

Status
Line Client For iOS
Vendor
CVE Published:
13 July 2021

What is CVE-2021-36214?

The LINE Client for iOS, prior to version 10.16.3, is susceptible to a Cross Site Scripting (XSS) vulnerability. This issue arises due to improper handling of specific headers within the WebView component, allowing attackers to inject malicious scripts. Exploitation of this vulnerability can lead to unauthorized access to sensitive information within user sessions, posing a significant risk to user data security.

Affected Version(s)

LINE client for iOS <

References

https://hackerone.com/reports/988332
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.