Описание
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code (that accesses a user's data) via cross-origin requests.
Ссылки
- ProductRelease Notes
- ExploitThird Party Advisory
- ProductRelease Notes
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.9.7 (исключая)
cpe:2.3:a:readdle:documents:*:*:*:*:*:iphone_os:*:*
EPSS
Процентиль: 44%
0.00213
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-862
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code (that accesses a user's data) via cross-origin requests.
EPSS
Процентиль: 44%
0.00213
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-862