CVE-2019-12366

CVE-2019-12366

EPSS 1.0%

The Nine application through 4.5.3a for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://release-notes.9folders.com/https://gubello.me https://www.gubello.me/blog/javascript-injection-in-six-android-mail-clients/