CVE-2017-17226

MEDIUM

TripAdvisor < TAMobileApp-24.6.4 - XSS

Title source: llm
STIX 2.1

Description

The TripAdvisor app with the versions before TAMobileApp-24.6.4 pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specific URL and execute malicious code contained in the URL.

References (1)

Core 1

Scores

CVSS v3 5.3
EPSS 0.0063
EPSS Percentile 45.8%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Details

CWE
CWE-20
Status published
Products (1)
tripadvisor/tamobileapp < 24.6.4
Published Mar 09, 2018
Tracked Since Feb 18, 2026