HackApp vulnerability scanner discovered that application رسائل راس السنة و العام الجديد published at the ‘play’ market has multiple vulnerabilities.
WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks.
Code for 'DexClassLoader' could be tampered.
Control of WebView context allows to access local files.
SD-cards and other external storages have 'worldwide read' policy.
Were do they point?
Are you sure these files should be here?
All items deleted with 'file.delete()' could be recovered.
CPE | Name | Operator | Version |
---|---|---|---|
رسائل راس السنة و العام الجديد | le | 1.0 |