CVE-2013-3647
Last modified
CVE-2013-3647 is a vulnerability of currently unknown severity. The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because of a CVE-2012-4009 regression.. EPSS estimates a 1.08% chance of exploitation in the next 30 days.
Description
The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because of a CVE-2012-4009 regression.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cybozu | Cybozu Live | <= 2.0.0 |
| Cybozu | Cybozu Live | 1.0.4 |
References
- http://jvndb.jvn.jp/jvndb/JVNDB-2013-000060Vendor Advisory
- https://live.cybozu.co.jp/trouble.html?q=2530Vendor Advisory
- http://jvndb.jvn.jp/jvndb/JVNDB-2013-000060Vendor Advisory
- https://live.cybozu.co.jp/trouble.html?q=2530Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-3647?
How severe is CVE-2013-3647?
How do I fix CVE-2013-3647?
Are you affected by CVE-2013-3647?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST