
[Android] HTML Injection in BatterySaveArticleRenderer WebView

High
Brave Software
Reported by bobrov

Vulnerability Details

Technical details and impact analysis

Cross-site Scripting (XSS) - Generic
## Summary:
HTML Injection in BatterySaveArticleRenderer WebView.

## Products affected:
* Android Brave Browser 1.9.56

## Steps To Reproduce:
* Open https://blackfan.ru/brave or html

```html
<script>
location="https://www.google.com/search?q=</title><h1><marquee><s>Injection<!--"
</script>
```

* Wait for a full load
* Click on ArticleModeButton

## Supporting Material/References:
Vulnerable code:

```java
public class aot
...
// s7 == title
if(s7 != null) {
    s4 = (new StringBuilder()).append(s5).append("<title>").append(s7).append("</title>").toString();
    s1 = (new StringBuilder()).append(s6).append("<p style=\"font-size:").append(s1).append(";line-height:120%;font-weight:bold;margin:").append(s3).append(" 0px 12px 0px\">").append(s7).append("</p>").toString();
...
// s8 == authorName
if(s8 != null)
    s1 = (new StringBuilder()).append("<span class=\"nowrap\"><b>").append(s8).append("</b>,</span> ").toString();
```
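The concatenation pattern from the reported code next to an escaped variant, as an added example that is not part of the original report or Brave's code. The class and method names are hypothetical, the markup is simplified from the decompiled snippet, and the author value is constructed.

```java
public class ArticleHeaderDemo {
    // Hypothetical helper: escapes the characters that are significant in HTML
    // text and quoted-attribute contexts. On Android,
    // android.text.TextUtils.htmlEncode(String) serves the same purpose.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Same shape as the reported code: title and author are appended verbatim.
    static String renderUnsafe(String title, String author) {
        return "<title>" + title + "</title>"
             + "<p style=\"font-weight:bold\">" + title + "</p>"
             + "<span class=\"nowrap\"><b>" + author + "</b>,</span> ";
    }

    // Hardened form: page-controlled strings are escaped before they reach the template.
    static String renderEscaped(String title, String author) {
        return renderUnsafe(escapeHtml(title), escapeHtml(author));
    }

    public static void main(String[] args) {
        // Title modelled on the search query in the report's steps; author is constructed.
        String title = "</title><h1><marquee><s>Injection<!--";
        String author = "Example Author";

        String unsafe = renderUnsafe(title, author);
        String safe = renderEscaped(title, author);
        System.out.println("unsafe:  " + unsafe);
        System.out.println("escaped: " + safe);

        // The unescaped output carries live tags; the escaped output carries none of them.
        if (!unsafe.contains("<marquee>")) throw new AssertionError("expected injected tag");
        if (safe.contains("<marquee>") || safe.contains("<!--"))
            throw new AssertionError("escaped output still contains markup");
    }
}
```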

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Bounty

$150.00

Weakness

Cross-site Scripting (XSS) - Generic