Insufficient URL Loading Restrictions in MinigameCenter Module by Vivo
CVE-2024-13186

6.3MEDIUM

Key Information:

Vendor: Vivo
Status: Minigamecenter
Vendor: CVE Published:; 8 January 2025

Summary

The MinigameCenter module by Vivo is susceptible to vulnerabilities due to insufficient controls on URL loading, which may facilitate unauthorized access and potential information leakage. Users of the affected module should be aware of this issue and take necessary precautions to secure their data.

Affected Version(s)

MinigameCenter Versions below 2.2.4.0

References

https://www.vivo.com/en/support/security-advisory-detail?...

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Jan 8, 2025
Vulnerability Reserved
Jan 8, 2025