CVE-2020-25203
Last modified
CVE-2020-25203 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. The Framer Preview application 12 for Android exposes com.framer.viewer.FramerViewActivity to other applications. By calling the intent with the action set to android.intent.action.VIEW, any other application is able to load any website/web content into the application's context, which is shown as a full-screen overlay to the user.. EPSS estimates a 0.45% chance of exploitation in the next 30 days.
Description
The Framer Preview application 12 for Android exposes com.framer.viewer.FramerViewActivity to other applications. By calling the intent with the action set to android.intent.action.VIEW, any other application is able to load any website/web content into the application's context, which is shown as a full-screen overlay to the user.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Framer | Framer Preview | 12.0 |
References
- http://packetstormsecurity.com/files/159264/Framer-Preview-12-Content-Injection.htmlExploit, Third Party Advisory, VDB Entry
- https://rcesecurity.comBroken Link
- http://packetstormsecurity.com/files/159264/Framer-Preview-12-Content-Injection.htmlExploit, Third Party Advisory, VDB Entry
- https://rcesecurity.comBroken Link
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-25203?
How severe is CVE-2020-25203?
How do I fix CVE-2020-25203?
Are you affected by CVE-2020-25203?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST