PT-2020-9737 · Apple · Ios App
Published
2020-02-04
·
Updated
2020-02-12
·
CVE-2019-15614
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
iOS App version 2.24.4
Description
The issue is related to missing sanitization in the iOS App, which causes a cross-site scripting (XSS) attack when opening malicious HTML files.
Recommendations
For version 2.24.4, consider avoiding the use of the app to open HTML files from untrusted sources until a fix is available. As a temporary workaround, restrict the app's ability to open HTML files to minimize the risk of exploitation.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ios App