CVE-2019-12366

The Nine application through 4.5.3a for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission.
References
Link Resource
http://release-notes.9folders.com/ Release Notes Vendor Advisory
https://gubello.me Third Party Advisory
https://www.gubello.me/blog/javascript-injection-in-six-android-mail-clients/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:9folders:nine:*:*:*:*:*:android:*:*

Information

Published : 2020-03-18 19:15

Updated : 2020-03-19 17:46


NVD link : CVE-2019-12366

Mitre link : CVE-2019-12366


JSON object : View

Products Affected

9folders

  • nine
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')