Qingdao Metro
Monthly
An issue in the export component AdSdkH5Activity of com.sdjictec.qdmetro v4.2.2 allows attackers to open a crafted URL without any filtering or checking. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue in the export component AdSdkH5Activity of com.sdjictec.qdmetro v4.2.2 allows attackers to open a crafted URL without any filtering or checking. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.