Arbitrary JavaScript Code Execution and Information Disclosure in Cybozu KUNAI Android Application

Arbitrary JavaScript Code Execution and Information Disclosure in Cybozu KUNAI Android Application

CVE-2012-4012 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.

Learn more about our Cis Benchmark Audit For Google Android.