Lynxview JS interfaces Takeover via deeplink traversal
High
TikTok
Team Summary
Official summary from TikTok
Multiple vulnerabilities could have been chained together resulting in the takeover of JavaScript interfaces via the application's exposed WebView. This was only applicable to older versions of the Android application. We thank @fr4via for reporting this to our team and confirming its remediation.
Reported by
fr4via
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - DOM