Skip to content
cyberexploits
webapphardwaretext

Good for Enterprise 2.2.2.1611 - Cross-Site Scripting

Good for Enterprise 2.2.2.1611 - Cross-Site Scripting

Publié le 2013-09-25

Code source

Épinglé au commit 7eac4c3a2ce5
textplatforms/hardware/webapps/28555.txt7eac4c3a
raw
The vulnerable versions are v2.2.2.1611 and earlier

 

Proof of Concept:

HTML Email including the following payload will execute Javascript statements when the victim open the email using the vulnerable version.

 

Payload:

<body>

<div>

<script>alert('XSS Here')</script>

</div>

</body>

 

Remediation:

I worked with the Good people to close the issue, I provided some guidance and feedback and agreed with them to not disclose it until they fix it.



The new release is now available:

Update the "Good for Enterprise" iOS application to 2.2.4.1659 or newer

 

References:

https://www.roblest.com/#research:CVE-2013-5118 



Can the comunity please provide feedback and comments in order to ensure the fix is working well



Many thanks



Mario
Voir sur GitHub