StandardDraft

CAPEC-503WebView Exposure

Abstraction
Standard
Status
Draft

Description

An adversary, through a malicious web page, accesses application specific functionality by leveraging interfaces registered through WebView's addJavascriptInterface API. Once an interface is registered to WebView through addJavascriptInterface, it becomes global and all pages loaded in the WebView can call this interface.

Related weaknesses· 1

CWE-284

Related attack patterns· 1

CAPEC-122 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessImproper Access Controlcwe-284100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
WebView Injection
CAPEC
Exploit Script-Based APIs
CVE
CVE-2026-11097
CVE
CVE-2026-11295
CAPEC
Android Activity Hijack
CVE
CVE-2026-35643
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.