cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-10474,https://securityvulnerability.io/vulnerability/CVE-2024-10474,Second-Order Alert: Incorrectly Allowing Internal Links to Utilize App Scheme for Deeplinking Could Bypass URL Safety Checks,"A security issue has been identified in Focus for iOS where the application incorrectly permits internal links to use the app scheme designated for deep linking. This misconfiguration can lead to the circumvention of established URL safety checks, potentially leaving users exposed to security risks if malicious content is linked. The affected versions of Focus are those below 132, indicating a need for immediate updates to ensure secure handling of internal links.",Mozilla,Focus For iOS,6.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-10-29T12:19:20.120Z,0
CVE-2024-1563,https://securityvulnerability.io/vulnerability/CVE-2024-1563,Unauthorized Script Execution Vulnerability in Focus for iOS,"This vulnerability allows an attacker to execute unauthorized scripts on top origin sites by manipulating a JavaScript URI when opening an external URL via a custom Firefox scheme and leveraging a timeout race condition. The flaw predominantly affects Focus for iOS versions prior to 122, posing significant security concerns for users.",Mozilla,Focus For Ios,8.1,HIGH,0.0010499999625608325,false,,false,false,false,,,false,false,,2024-02-22T14:56:42.888Z,0
CVE-2024-26284,https://securityvulnerability.io/vulnerability/CVE-2024-26284,Universal Cross-Site Scripting (UXSS) Vulnerability Affects Focus for iOS Prior to Version 123,"Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. This vulnerability affects Focus for iOS < 123.",Mozilla,Focus For iOS,6.1,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-02-22T14:56:42.004Z,0
CVE-2024-0606,https://securityvulnerability.io/vulnerability/CVE-2024-0606,Unauthorized Script Execution Vulnerability in Focus for iOS by Mozilla,"A security flaw in Focus for iOS allows attackers to execute unauthorized scripts on legitimate sites by leveraging window.open() in connection with JavaScript URIs. This exploitation can lead to unauthorized actions on the user's webpage, potentially compromising user data and privacy. The affected versions include all versions prior to 122, necessitating users to update to ensure robust security against such attacks.",Mozilla,Focus for iOS,6.1,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2024-01-22T18:23:25.606Z,0
CVE-2024-0605,https://securityvulnerability.io/vulnerability/CVE-2024-0605,Race Condition Vulnerability in Focus for iOS by Mozilla,"A vulnerability in Focus for iOS allows attackers to exploit a race condition involving a javascript: URI and a setTimeout function. This exploitation can lead to unauthorized script execution on top origin sites in the URL bar, effectively bypassing existing security measures. As a result, attackers can gain the ability to execute arbitrary code or perform unauthorized actions on the user's webpage. This poses significant risks to user data integrity and web security for users running the affected versions of Focus for iOS.",Mozilla,Focus for iOS,7.5,HIGH,0.00203999993391335,false,,false,false,false,,,false,false,,2024-01-22T18:23:24.614Z,0