[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVE-2013-5118 - XSS Good for Enterprise iOS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: CVE-2013-5118 - XSS Good for Enterprise iOS
From: mario@xxxxxxxxxxx
Date: Tue, 24 Sep 2013 15:44:53 GMT

Hello,

Last month I identified a XSS vulnerability in the Good for Enterprise iOS 
application.

The vulnerable versions are v2.2.2.1611 and earlier
 
Proof of Concept:
HTML Email including the following payload will execute Javascript statements 
when the victim open the email using the vulnerable version.
 
Payload:
<body>
<div>
<script>alert('XSS Here')</script>
</div>
</body>
 
Remediation:
I worked with the Good people to close the issue, I provided some guidance and 
feedback and agreed with them to not disclose it until they fix it.

The new release is now available:
Update the "Good for Enterprise" iOS application to 2.2.4.1659 or newer
 
References:
https://www.roblest.com/#research:CVE-2013-5118 

Can the comunity please provide feedback and comments in order to ensure the 
fix is working well

Many thanks

Mario

Prev by Date: Re: DC4420 - London DEFCON - September meet - Tuesday 24th September 2013
Next by Date: [SECURITY] [DSA 2763-1] pyopenssl security update
Previous by thread: Re: DC4420 - London DEFCON - September meet - Tuesday 24th September 2013
Next by thread: [SECURITY] [DSA 2763-1] pyopenssl security update
Index(es):
- Date
- Thread