CVE-2017-20041

MEDIUM

UC Browser 11.2.5.932 - Improper Restriction of Rendered UI Layers via Title Argument

Title source: llm
STIX 2.1

Description

A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers (URL). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

References (2)

Core 2
Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2017/Mar/36
Exploit, Permissions Required, Third Party Advisory x_refsource_misc
https://vuldb.com/?id.98214

Scores

CVSS v3 5.4
EPSS 0.0065
EPSS Percentile 46.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-1021
Status published
Products (1)
ucweb/uc_browser 11.2.5.932
Published Jun 13, 2022
Tracked Since Feb 18, 2026