Skip to main content

Whale CVE-2025-53599

| EUVDEUVD-2025-19934 CRITICAL
Cross-site Scripting (XSS) (CWE-79)
2025-07-04 cve@navercorp.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 16, 2026 - 02:42 euvd
EUVD-2025-19934
Analysis Generated
Mar 16, 2026 - 02:42 vuln.today
CVE Published
Jul 04, 2025 - 08:15 nvd
CRITICAL 9.8

DescriptionCVE.org

Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme.

Analysis

Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme.

Technical ContextAI

Cross-site scripting (XSS) allows injection of client-side scripts into web pages viewed by other users due to insufficient output encoding.

RemediationAI

Encode all user-supplied output contextually (HTML, JS, URL). Implement Content Security Policy (CSP) headers. Use HTTPOnly and Secure cookie flags.

More in Whale

View all
CVE-2022-24074 CRITICAL
9.8 Mar 17

Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from t

CVE-2018-9859 HIGH
8.1 Jun 16

The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. Rated high severity (CVSS 8.1), this vulne

CVE-2018-12449 HIGH
7.8 Oct 11

The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking. Rated high severity (CVSS 7.8), this vuln

CVE-2025-53600 HIGH
7.5 Jul 04

Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment.

CVE-2022-24073 HIGH
7.1 Mar 17

The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any

CVE-2022-24075 MEDIUM
6.5 Mar 17

Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could ac

CVE-2022-24072 MEDIUM
6.1 Mar 17

The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into th

CVE-2021-33593 MEDIUM
5.3 Nov 02

Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the ad

CVE-2018-12448 MEDIUM
5.3 Aug 02

Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar wh

CVE-2018-7635 MEDIUM
5.3 Jul 03

Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar wh

Share

CVE-2025-53599 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy