What is the severity of CVE-2024-5739?

CVE-2024-5739 is classified as a high severity vulnerability due to the potential for arbitrary JavaScript execution.

How do I fix CVE-2024-5739?

To mitigate CVE-2024-5739, users should update the LINE client for iOS to version 14.9.0 or later.

Who is affected by CVE-2024-5739?

CVE-2024-5739 affects users of the LINE client for iOS versions prior to 14.9.0.

What type of vulnerability is CVE-2024-5739?

CVE-2024-5739 is a Universal Cross-Site Scripting (UXSS) vulnerability.

How can CVE-2024-5739 be exploited?

CVE-2024-5739 can be exploited by executing arbitrary JavaScript in the top frame from an embedded iframe within the in-app browser.

Vulnerability/
CVE-2024-5739

medium

6.4

CWE

EPSS

0.043%

12/6/2024

20/2/2025

CVE-2024-5739: XSS

First published: Wed Jun 12 2024(Updated: )

The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app browser. The in-app browser is usually opened by tapping on URLs contained in chat messages, and for the attack to be successful, the victim must trigger a click event on a malicious iframe. If an iframe embedded in any website can be controlled by an attacker, this vulnerability could be exploited to capture or alter content displayed in the top frame, as well as user session information. This vulnerability affects LINE client for iOS versions below 14.9.0 and does not affect other LINE clients such as LINE client for Android. Please update LINE client for iOS to version 14.9.0 or higher.

Credit: dl_cve@linecorp.com

Affected Software	Affected Version	How to fix
LINE	<14.9.0

Never miss a vulnerability like this again

Reference Links

https://hackerone.com/reports/2284129

Frequently Asked Questions

What is the severity of CVE-2024-5739?
CVE-2024-5739 is classified as a high severity vulnerability due to the potential for arbitrary JavaScript execution.
How do I fix CVE-2024-5739?
To mitigate CVE-2024-5739, users should update the LINE client for iOS to version 14.9.0 or later.
Who is affected by CVE-2024-5739?
CVE-2024-5739 affects users of the LINE client for iOS versions prior to 14.9.0.
What type of vulnerability is CVE-2024-5739?
CVE-2024-5739 is a Universal Cross-Site Scripting (UXSS) vulnerability.
How can CVE-2024-5739 be exploited?
CVE-2024-5739 can be exploited by executing arbitrary JavaScript in the top frame from an embedded iframe within the in-app browser.

agent/weakness
agent/first-publish-date
agent/type
agent/author
agent/event
agent/references
agent/description
agent/severity
collector/epss-latest
source/FIRST
agent/epss
collector/nvd-api
source/NVD
agent/source
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/line
canonical/line

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.