GoodReader App Unspecified Cross Site Scripting Vulnerability


GoodReader App is for the iPad, the iPhone, and the iPod touch, it is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.


The original article can be found at:
The information has been provided by Keigo Yamazaki of LAC Co. Ltd .


Vulnerable Systems:
 *GoodReader App CVE-2012-2648 Unspecified Cross Site Scripting Vulnerability

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.GoodReader 3.16 and prior versions for iPad are vulnerable.
GoodReader 3.15.1 and prior versions for iPhone and iPod touch are vulnerable.

Vendor Status:
Vendor as issued an updated vulnerability.

Patch Availability:

CVE Information:

Disclosure Timeline:
Initial Release: Published: Aug 07 2012

Categories: News