Home > Vulnerability Database > WS-2023-0183

Mend.io Vulnerability Database

WS-2023-0183

Good to know:

Date: June 22, 2023

Brave iOS has two weaknesses described below. By combining them, XSS can be achieved on the privileged origin internal://local. First issue - Exposure of uuidKey through REFERER header Reader mode in Brave has two HTML templates, Reader.html and ReaderViewLoading.html. The former template defines <meta name="referrer" content="never"> header for preventing referrer leakage, but the latter template does not. Therefore, by opening an external page through ReaderViewLoading.html, the uuidKey contained in the Reader mode page URL is leaked. Second issue - XSS in SessionRestoreHandler SessionRestoreHandler is used to restore a previously used tab, but it does not validate an URL to be restored. Therefore, if a javascript: URL is provided, the code is executed on the internal: domain.

Language: Swift

Severity Score

9.0

Related Resources (2)

Url: https://github.com/brave/brave-ios/commit/f37734464abf3e8a63834047fbe7c5bc71739f89

Url: https://www.mend.io/vulnerability-database/WS-2023-0183

Severity Score

9.0

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version v1.34

Learn More

CVSS v3.1

Base Score:	9.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2023-0183

Good to know:

Date: June 22, 2023

Language: Swift

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?