CWE-84

Improper Neutralization of Encoded URI Schemes in a Web Page

Variant | Draft

Description

The web application improperly neutralizes user-controlled input for executable script disguised with URI encodings.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (11)

  • CVE-2025-58444 | Hig | Sep 8, 2025
    risk 0.49 | cvss | epss 0.01

    The MCP inspector is a developer tool for testing and debugging MCP servers. A cross-site scripting issue was reported in versions of the MCP Inspector local development tool prior to 0.16.6 when connecting to untrusted remote MCP servers with a malicious redirect URI. This…

  • CVE-2025-25329 | Med | Feb 27, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    An issue in Tencent Technology (Beijing) Company Limited Tencent MicroVision iOS 8.137.0 allows attackers to access sensitive user information via supplying a crafted link.

  • CVE-2025-25334 | Med | Feb 27, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    An issue in Suning Commerce Group Suning EMall iOS 9.5.198 allows attackers to access sensitive user information via supplying a crafted link.

  • CVE-2025-25331 | Med | Feb 27, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    An issue in Beitatong Technology LianJia iOS 9.83.50 allows attackers to access sensitive user information via supplying a crafted link.

  • CVE-2025-25330 | Med | Feb 27, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    An issue in Boohee Technology Boohee Health iOS 13.0.13 allows attackers to access sensitive user information via supplying a crafted link.

  • CVE-2025-25326 | Med | Feb 27, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    An issue in Merchants Union Consumer Finance Company Limited Merchants Union Finance iOS 6.19.0 allows attackers to access sensitive user information via supplying a crafted link.

  • CVE-2025-25325 | Med | Feb 27, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    An issue in Yibin Fengguan Network Technology Co., Ltd YuPao DirectHire iOS 8.8.0 allows attackers to access sensitive user information via supplying a crafted link.

  • CVE-2025-25324 | Med | Feb 27, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    An issue in Shandong Provincial Big Data Center AiShanDong iOS 5.0.0 allows attackers to access sensitive user information via supplying a crafted link.

  • CVE-2025-25323 | Med | Feb 27, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    An issue in Qianjin Network Information Technology (Shanghai) Co., Ltd 51Job iOS 14.22.0 allows attackers to access sensitive user information via supplying a crafted link.

  • CVE-2024-42184 | Low | Jan 23, 2025
    risk 0.16 | cvss 2.5 | epss 0.00

    BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme.

  • CVE-2026-25141 | Jan 30, 2026
    risk 0.00 | cvss | epss 0.01

    Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions starting with 7.19.0 and prior to 7.21.0 and 8.2.0 have an incomplete fix for CVE-2026-23947. While the jsStringEscape function properly handles single quotes ('),…