exploitDog

CVE-2020-25203

Опубликовано: 25 сент. 2020

Источник: nvd

CVSS3: 5.5

CVSS2: 1.9

EPSS Низкий

Описание

The Framer Preview application 12 for Android exposes com.framer.viewer.FramerViewActivity to other applications. By calling the intent with the action set to android.intent.action.VIEW, any other application is able to load any website/web content into the application's context, which is shown as a full-screen overlay to the user.

Ссылки

http://packetstormsecurity.com/files/159264/Framer-Preview-12-Content-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://rcesecurity.com
Broken Link
http://packetstormsecurity.com/files/159264/Framer-Preview-12-Content-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://rcesecurity.com
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:framer:framer_preview:12.0:*:*:*:*:android:*:*

EPSS

Процентиль: 22%

0.00071

Низкий

5.5 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-3g45-cx6m-2pfc

github

больше 3 лет назад

The Framer Preview application 12 for Android exposes com.framer.viewer.FramerViewActivity to other applications. By calling the intent with the action set to android.intent.action.VIEW, any other application is able to load any website/web content into the application's context, which is shown as a full-screen overlay to the user.

EPSS

Процентиль: 22%

0.00071

Низкий

5.5 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

NVD-CWE-Other