Lucene search

K

Readdle Security Vulnerabilities

cve
cve

CVE-2019-20801

An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code (that accesses a user's data) via...

5.3CVSS

5.5AI Score

0.001EPSS

2020-05-18 12:15 AM
33
cve
cve

CVE-2019-20802

An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server improperly displays directory names, leading to Stored XSS, which may be used to steal a user's data. This requires user interaction because there is no known direct way for an...

6.1CVSS

6AI Score

0.001EPSS

2020-05-18 12:15 AM
29
cve
cve

CVE-2019-12370

The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE...

6.1CVSS

5.9AI Score

0.001EPSS

2020-03-18 07:15 PM
44