Tiktok

tiktok

3 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-28799 1Tiktok 1Tiktok Nov 21, 2024 Jun 2, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to le...Show more The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click.Show less
CVE-2019-14319 1Tiktok 1Tiktok Nov 21, 2024 Sep 4, 2019 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network...Show more The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic.Show less
CVE-2017-13101 1Tiktok 1Musical.ly Nov 21, 2024 Aug 15, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.