CVE-2017-17226

EUVD-2017-8392
The TripAdvisor app with the versions before TAMobileApp-24.6.4 pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specific URL and execute malicious code contained in the URL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
tripadvisortamobileapp
𝑥
< 24.6.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180130-01-tripadvisor-en
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180130-01-tripadvisor-en