LinecorpCVEs & Vulnerabilities

86 CVEs affecting Linecorp products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

line 69armeria 5central dogma 2line music 1matsuya 1onigiriya-musubee 1regina sweets\&bakery 1tokueimaru waiting 1
CVE-2024-5739MEDIUM

The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app browser. The in-app browser is usually opened by tapping on URLs contained in chat messages, and for the attack to be successful, the victim must trigger a click event on a malicious iframe. If an iframe embedded in any website can be controlled by an attacker, this vulnerability could be exploited to capture or alter content displayed in the top frame, as well as user session information. This vulnerability affects LINE client for iOS versions below 14.9.0 and does not affect other LINE clients such as LINE client for Android. Please update LINE client for iOS to version 14.9.0 or higher.

12 Jun 2024
6.1
CVSS
CVE-2024-1735CRITICAL

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.

26 Feb 2024
9.1
CVSS
CVE-2024-1143MEDIUM

Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass.

2 Feb 2024
6.1
CVSS
CVE-2023-48129MEDIUM

An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

26 Jan 2024
5.4
CVSS
CVE-2023-48135MEDIUM

An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

26 Jan 2024
5.4
CVSS
CVE-2023-48133MEDIUM

An issue in angel coffee mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

26 Jan 2024
5.4
CVSS
CVE-2023-48132MEDIUM

An issue in kosei entertainment esportsstudioLegends mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

26 Jan 2024
5.4
CVSS
CVE-2023-48131MEDIUM

An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

26 Jan 2024
5.4
CVSS
CVE-2023-48130MEDIUM

An issue in GINZA CAFE mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

26 Jan 2024
5.4
CVSS
CVE-2023-48128MEDIUM

An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

26 Jan 2024
5.4
CVSS
CVE-2023-48127MEDIUM

An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

26 Jan 2024
5.4
CVSS
CVE-2023-48126MEDIUM

An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

26 Jan 2024
5.4
CVSS
CVE-2023-44001MEDIUM

An issue in Ailand clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

24 Jan 2024
5.4
CVSS
CVE-2023-44000MEDIUM

An issue in Otakara lapis totuka mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

24 Jan 2024
5.4
CVSS
CVE-2023-43999MEDIUM

An issue in COLORFUL_laundry mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

24 Jan 2024
5.4
CVSS
CVE-2023-43998MEDIUM

An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

24 Jan 2024
5.4
CVSS
CVE-2023-43997MEDIUM

An issue in Yoruichi hobby base mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

24 Jan 2024
5.4
CVSS
CVE-2023-43996MEDIUM

An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

24 Jan 2024
5.4
CVSS
CVE-2023-43995MEDIUM

An issue in picot.golf mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

24 Jan 2024
5.4
CVSS
CVE-2023-43994MEDIUM

An issue in Cleaning_makotoya mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

24 Jan 2024
5.4
CVSS
CVE-2023-43993MEDIUM

An issue in smaregi_app_market mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

24 Jan 2024
5.4
CVSS
CVE-2023-43992MEDIUM

An issue in STOCKMAN GROUP mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

24 Jan 2024
5.4
CVSS
CVE-2023-43991MEDIUM

An issue in PRIMA CLINIC mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

24 Jan 2024
5.4
CVSS
CVE-2023-43990MEDIUM

An issue in cherub-hair mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

24 Jan 2024
5.4
CVSS
CVE-2023-43989MEDIUM

An issue in mokumoku chohu mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

24 Jan 2024
5.4
CVSS
CVE-2023-43988MEDIUM

An issue in nature fitness saijo mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

24 Jan 2024
5.4
CVSS
CVE-2023-45559HIGH

An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.

3 Jan 2024
8.2
CVSS
CVE-2023-45561MEDIUM

An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.

3 Jan 2024
5.3
CVSS
CVE-2023-43305HIGH

An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

8 Dec 2023
8.2
CVSS
CVE-2023-43304HIGH

An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

7 Dec 2023
8.2
CVSS
CVE-2023-43303HIGH

An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token (via captured network traffic).

7 Dec 2023
8.2
CVSS
CVE-2023-43302HIGH

An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

7 Dec 2023
8.2
CVSS
CVE-2023-43301HIGH

An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

7 Dec 2023
8.2
CVSS
CVE-2023-43300HIGH

An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

7 Dec 2023
8.2
CVSS
CVE-2023-43299MEDIUM

An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

7 Dec 2023
5.3
CVSS
CVE-2023-43298MEDIUM

An issue in SCOL Members Card mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

7 Dec 2023
5.3
CVSS
CVE-2023-48134HIGH

nagayama_copabowl Line 13.6.1 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor.

16 Nov 2023
7.5
CVSS
CVE-2023-47373MEDIUM

The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allows remote attackers to send malicious notifications to victims.

9 Nov 2023
6.5
CVSS
CVE-2023-47372MEDIUM

The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims.

9 Nov 2023
6.5
CVSS
CVE-2023-47370MEDIUM

The leakage of channel access token in bluetrick Line 13.6.1 allows remote attackers to send malicious notifications to victims.

9 Nov 2023
6.5
CVSS
CVE-2023-47368MEDIUM

The leakage of channel access token in taketorinoyu Line 13.6.1 allows remote attackers to send malicious notifications to victims.

9 Nov 2023
6.5
CVSS
CVE-2023-47369MEDIUM

The leakage of channel access token in best_training_member Line 13.6.1 allows remote attackers to send malicious notifications.

9 Nov 2023
6.5
CVSS
CVE-2023-47367MEDIUM

The leakage of channel access token in platinum clinic Line 13.6.1 allows remote attackers to send malicious notifications to victims.

9 Nov 2023
6.5
CVSS
CVE-2023-47366MEDIUM

The leakage of channel access token in craft_members Line 13.6.1 allows remote attackers to send malicious notifications to victims.

9 Nov 2023
6.5
CVSS
CVE-2023-47365MEDIUM

The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to send malicious notifications to victims.

9 Nov 2023
6.5
CVSS
CVE-2023-47364MEDIUM

The leakage of channel access token in nagaoka taxi Line 13.6.1 allows remote attackers to send malicious notifications to victims

9 Nov 2023
6.5
CVSS
CVE-2023-47363MEDIUM

The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send malicious notifications to victims.

9 Nov 2023
6.5
CVSS
CVE-2023-38849HIGH

An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.

26 Oct 2023
7.5
CVSS
← PrevPage 1 / 2Next →