Primary

Context

Yahoo! Shopping App for Android Improper Authorization Vulnerability in Custom URL Scheme Handling

Vulnerability

A vulnerability exists in the Yahoo! Shopping App for Android, specifically in versions prior to 14.15.0, due to improper authorization in the handler for custom URL schemes. This flaw allows remote, unauthenticated attackers to direct users to arbitrary websites within the app, potentially leading to phishing attacks.

Impact

Exploitation of this vulnerability could result in users being directed to phishing websites, where they may be tricked into providing personal information or credentials.

Remediation

Users are advised to update the Yahoo! Shopping App for Android to the latest version available.

Added: Sep 5, 2025, 6:20 AM

Updated: Sep 5, 2025, 6:20 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.4

remediation

7.7

relevance

0.5

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.4

remediation

7.7

relevance

0.5

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Yahoo! Shopping App for Android Improper Authorization Vulnerability in Custom URL Scheme Handling

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating