CVE-2013-3647

Name of the Vulnerable Software and Affected Versions Cybozu Live application versions prior to 2.0.1

Description The issue in the Cybozu Live application allows attackers to execute arbitrary JavaScript code and obtain sensitive information. This is achieved by a crafted application placing malicious code into a local file associated with a file: URL.

Recommendations For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the WebView class until a patch is available.