2 matches found
Design/Logic Flaw
The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because...
CVE-2012-4009
CVE-2012-4009 affects Cybozu Live for Android (WebView) prior to version 1.0.4. The WebView component can be abused by a crafted app to place JavaScript into a local file via a file: URL, enabling remote attackers to execute arbitrary JavaScript and potentially access sensitive information. CVSS/...