The WebView class in the Cybozu Live application prior to 2.0.1 for Android allows malicious users to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because of a CVE-2012-4009 regression.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cybozu cybozu live |
||
cybozu cybozu live 1.0.4 |