CVE-2019-9140
HIGHHappypoint <= 6.3.19 - URL Redirection and JavaScript Execution via Deeplink Scheme
Title source: llmDescription
When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. This could lead to javascript code execution, url redirection, sensitive information disclosure. An attacker can exploit this issue by enticing an unsuspecting user to open a specific malicious URL.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_confirm
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35103
Scores
CVSS v3
8.1
EPSS
0.0118
EPSS Percentile
63.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Details
CWE
CWE-601
CWE-94
Status
published
Products (1)
happypointcard/happypoint
6.3.19
Published
Aug 01, 2019
Tracked Since
Feb 18, 2026