Whale Browser Vulnerability: Local File Access via JavaScript Replacement in HWP Viewer
CVE-2022-24075 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.
Learn more about our Web App Pen Testing.