PT-2012-4160 · Apple · Goodreader
Keigo Yamazaki
·
Published
2012-08-07
·
Updated
2022-08-09
·
CVE-2012-2648
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
GoodReader app versions 3.16 and earlier for iOS on the iPad
GoodReader app versions 3.15.1 and earlier for iOS on the iPhone and iPod touch
Description
The issue allows remote attackers to inject arbitrary web script or HTML via vectors involving use of the GoodReader app in conjunction with a web browser. This is a cross-site scripting (XSS) issue.
Recommendations
For GoodReader app versions 3.16 and earlier on the iPad, update to a version later than 3.16.
For GoodReader app versions 3.15.1 and earlier on the iPhone and iPod touch, update to a version later than 3.15.1.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Goodreader