CVE-2023-29459

MEDIUM

FC Red Bull Salzburg App < 5.1.9-r - Arbitrary Content Loading via WebView URI Handling

Title source: llm
STIX 2.1

Description

The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application's webview, thus allowing the loading of arbitrary content into the context of the application. This can occur via the fcrbs schema or an explicit intent invocation.

Scores

CVSS v3 6.1
EPSS 0.0065
EPSS Percentile 46.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
redbull/fc_red_bull_salzburg < 5.1.9-r
Published Jun 26, 2023
Tracked Since Feb 18, 2026