2 matches found
CVE-2019-12370
The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...
CVE-2019-12370
The provided connected records confirm that CVE-2019-12370 affects the Spark Android app up to version 2.0.2, enabling XSS via an event attribute and arbitrary file loading through a src attribute when READ_EXTERNAL_STORAGE permission is granted. The root cause and exact vulnerable component are ...