Good for Enterprise 2.2.2.1611 – Cross-Site Scripting

• Exploit Database
• 108 阅读

• 作者： Mario
  日期： 2013-09-25
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/28555/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27

  The vulnerable versions are v2.2.2.1611 and earlier Proof of Concept: HTML Email including the following payload will execute Javascript statements when the victim open the email using the vulnerable version. Payload: <body> <div> <script>alert(&apos;XSS Here&apos;)</script> </div> </body> Remediation: I worked with the Good people to close the issue, I provided some guidance and feedback and agreed with them to not disclose it until they fix it.   The new release is now available: Update the "Good for Enterprise" iOS application to 2.2.4.1659 or newer References: https://www.roblest.com/#research:CVE-2013-5118   Can the comunity please provide feedback and comments in order to ensure the fix is working well   Many thanks   Mario