PT-2020-16015 · Framer · Framer Preview

Published: 2020-09-25 · Updated: 2020-10-06 · CVE-2020-25203

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Framer Preview application version 12 for Android

Description: The issue allows other applications to load any website or web content into the Framer Preview application's context by sending an intent with the action set to android.intent.action.VIEW. The loaded content is then displayed to the user as a full-screen overlay.

Recommendations: For Framer Preview application version 12, consider restricting access to com.framer.viewer.FramerViewActivity to prevent other applications from loading arbitrary web content into the application's context. As a temporary workaround, restrict the use of the intent with the action set to android.intent.action.VIEW to minimize the risk of exploitation.
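One way to check for the exposure described above is to audit an app's manifest for activities that other applications can start with android.intent.action.VIEW. This is an added example, not code from the advisory or from Framer: the manifest below is constructed, and every name in it other than com.framer.viewer.FramerViewActivity is hypothetical.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by AndroidManifest.xml (android:name, android:exported, ...)
A = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest for illustration; not the real Framer Preview manifest.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.viewer">
  <application>
    <activity android:name="com.framer.viewer.FramerViewActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <data android:scheme="https"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
      </intent-filter>
    </activity>
    <activity android:name=".PartnerActivity" android:exported="true"
              android:permission="com.example.viewer.permission.OPEN">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""

def exposed_view_activities(manifest_xml):
    """Return activities that any other app can start with ACTION_VIEW."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for act in root.iter("activity"):
        actions = {a.get(A + "name") for a in act.findall("intent-filter/action")}
        if "android.intent.action.VIEW" not in actions:
            continue
        exported = act.get(A + "exported")
        # When android:exported is absent, an activity with an intent filter
        # is exported by default (apps targeting releases before Android 12).
        is_exported = exported == "true" or exported is None
        # No android:permission means any installed app may launch it.
        if is_exported and act.get(A + "permission") is None:
            findings.append(act.get(A + "name"))
    return findings

if __name__ == "__main__":
    for name in exposed_view_activities(SAMPLE_MANIFEST):
        print("exported VIEW handler without permission:", name)
```

An activity flagged here either needs android:exported="false" or must validate the incoming URI before loading it into a WebView.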

Related Identifiers

CVE-2020-25203

Affected Products

Framer Preview