Description
The TripAdvisor app with the versions before TAMobileApp-24.6.4 pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specific URL and execute malicious code contained in the URL.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180130-01-tripadvisor-en
Scores
CVSS v3
5.3
EPSS
0.0063
EPSS Percentile
45.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Details
CWE
CWE-20
Status
published
Products (1)
tripadvisor/tamobileapp
< 24.6.4
Published
Mar 09, 2018
Tracked Since
Feb 18, 2026