Lucene search
MarioEDB-ID:28555HistorySep 25, 2013 - 12:00 a.m.
Good for Enterprise 2.2.2.1611 - Cross-Site Scripting
2013-09-2500:00:00
Mario
www.exploit-db.com
16
6.6 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
61.4%
The vulnerable versions are v2.2.2.1611 and earlier
Proof of Concept:
HTML Email including the following payload will execute Javascript statements when the victim open the email using the vulnerable version.
Payload:
<body>
<div>
<script>alert('XSS Here')</script>
</div>
</body>
Remediation:
I worked with the Good people to close the issue, I provided some guidance and feedback and agreed with them to not disclose it until they fix it.
The new release is now available:
Update the "Good for Enterprise" iOS application to 2.2.4.1659 or newer
References:
https://www.roblest.com/#research:CVE-2013-5118
Can the comunity please provide feedback and comments in order to ensure the fix is working well
Many thanks
MarioRelated
seebug
seebug
Good for Enterprise 2.2.2.1611 - XSS Vulnerability
2014-07-01 00:00:00
zdt
zdt
Good for Enterprise 2.2.2.1611 - XSS Vulnerability
2013-09-25 00:00:00
cve
cve
CVE-2013-5118
2013-09-25 10:31:00
prion
prion
Cross site scripting
2013-09-25 10:31:00
packetstorm
packetstorm
Good For Enterprise 2.2.2.1611 Cross Site Scripting
2013-09-24 00:00:00
exploitpack
exploitpack
Good for Enterprise 2.2.2.1611 - Cross-Site Scripting
2013-09-25 00:00:00
securityvulns
securityvulns
CVE-2013-5118 - XSS Good for Enterprise iOS
2013-10-01 00:00:00
cvelist
cvelist
CVE-2013-5118
2022-10-03 16:14:55
6.6 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
61.4%
Related for EDB-ID:28555