Arbitrary JavaScript Code Execution and Information Disclosure in Cybozu Live Android App

Arbitrary JavaScript Code Execution and Information Disclosure in Cybozu Live Android App

CVE-2012-4009 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The WebView class in the Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.

Learn more about our Cis Benchmark Audit For Google Android.