GoodReader App Unspecified Cross Site Scripting Vulnerability

Summary

GoodReader App is for the iPad, the iPhone, and the iPod touch, it is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Credit:

The original article can be found at: http://www.securityfocus.com/bid/54872
The information has been provided by Keigo Yamazaki of LAC Co. Ltd .


Details

Vulnerable Systems:
 *GoodReader App CVE-2012-2648 Unspecified Cross Site Scripting Vulnerability

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.GoodReader 3.16 and prior versions for iPad are vulnerable.
GoodReader 3.15.1 and prior versions for iPhone and iPod touch are vulnerable.

Vendor Status:
Vendor as issued an updated vulnerability.

Patch Availability:
http://www.apple.com/support/

CVE Information:
CVE-2012-2648

Disclosure Timeline:
Initial Release: Published: Aug 07 2012

Categories: News