Japan Vulnerability NotesJVN:71088919JVN#71088919: applican vulnerable to script injection
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
56.7%
applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in processing SSID.
Impact
When an application built using applican processes a specially crafted SSID, an arbitrary script may be executed leading to an arbitrary API being called.
Solution
Update applican and rebuild the application
Update to the latest version of applican and rebuild the application according to the information provided by the developer.
Products Affected
- Applications built using applican for Android versions 1.12.6 and earlier
- Applications built using applican for iOS versions 1.12.3 and earlier
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
56.7%