echo-news.co.uk XSS vulnerability

Open Bug Bounty ID: OBB-178134 Description| Value ---|--- Affected Website:| echo-news.co.uk Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...

Echo News - Dynamic Code Loading, External URLs, Suspicious files vulnerabilities

HackApp vulnerability scanner discovered that application Echo News published at the 'play' market has multiple vulnerabilities...

CVE-2014-7342

The Echo News aka com.solo.report 1.10 application beta for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Code injection

The Echo News aka com.solo.report 1.10 application beta for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-7342

The CVE-2014-7342 entry affects the Android application Echo News (package com.solo.report) in version 1.10 (beta). The underlying issue is that the app does not verify X.509 certificates when connecting to SSL servers, enabling man-in-the-middle attackers to spoof servers and access sensitive in...

CVE-2014-7342

The Echo News aka com.solo.report 1.10 application beta for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...