Description
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://cve.naver.com/detail/cve-2022-24075
Scores
CVSS v3
6.5
EPSS
0.0085
EPSS Percentile
53.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-552
Status
published
Products (1)
navercorp/whale
< 3.12.129.18
Published
Mar 17, 2022
Tracked Since
Feb 18, 2026