CWE-84
Improper Neutralization of Encoded URI Schemes in a Web Page
Variant | Draft
Description
The web application improperly neutralizes user-controlled input for executable script disguised with URI encodings.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (10)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-58444 | High | 0.49 | — | 0.00 | | Sep 8, 2025 | The MCP inspector is a developer tool for testing and debugging MCP servers. A cross-site scripting issue was reported in versions of the MCP Inspector local development tool prior to 0.16.6 when connecting to untrusted remote MCP servers with a malicious redirect URI. This could be leveraged to interact directly with the inspector proxy to trigger arbitrary command execution. Users are advised to update to 0.16.6 to resolve this issue. |
| CVE-2025-25329 | Med | 0.36 | 5.5 | 0.00 | | Feb 27, 2025 | An issue in Tencent Technology (Beijing) Company Limited Tencent MicroVision iOS 8.137.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2025-25334 | Med | 0.36 | 5.5 | 0.00 | | Feb 27, 2025 | An issue in Suning Commerce Group Suning EMall iOS 9.5.198 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2025-25331 | Med | 0.36 | 5.5 | 0.00 | | Feb 27, 2025 | An issue in Beitatong Technology LianJia iOS 9.83.50 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2025-25330 | Med | 0.36 | 5.5 | 0.00 | | Feb 27, 2025 | An issue in Boohee Technology Boohee Health iOS 13.0.13 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2025-25326 | Med | 0.36 | 5.5 | 0.00 | | Feb 27, 2025 | An issue in Merchants Union Consumer Finance Company Limited Merchants Union Finance iOS 6.19.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2025-25325 | Med | 0.36 | 5.5 | 0.00 | | Feb 27, 2025 | An issue in Yibin Fengguan Network Technology Co., Ltd YuPao DirectHire iOS 8.8.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2025-25324 | Med | 0.36 | 5.5 | 0.00 | | Feb 27, 2025 | An issue in Shandong Provincial Big Data Center AiShanDong iOS 5.0.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2025-25323 | Med | 0.36 | 5.5 | 0.00 | | Feb 27, 2025 | An issue in Qianjin Network Information Technology (Shanghai) Co., Ltd 51Job iOS 14.22.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-42184 | Low | 0.16 | 2.5 | 0.00 | | Jan 23, 2025 | BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme. |