13.0.8

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

ucweb

NVD

Published: 2020-10-20

Updated: 2020-10-28

Summary

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions.

Vulnerable Configurations

Part	Description	Count
Application	Ucweb Ucweb UC Browser - Ucweb UC Browser 11.2.5.932 Ucweb UC Browser 13.0.8	3

References

https://www.rafaybaloch.com/2020/10/multiple-address-bar-spoofing-vulnerabilities.html
https://blog.rapid7.com/2020/10/20/vulntober-multiple-mobile-browser-address-bar-spoofing-vulnerabilities/