GoodReader App Unspecified Cross Site Scripting Vulnerability
The original article can be found at: http://www.securityfocus.com/bid/54872
The information has been provided by Keigo Yamazaki of LAC Co. Ltd .
*GoodReader App CVE-2012-2648 Unspecified Cross Site Scripting Vulnerability
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.GoodReader 3.16 and prior versions for iPad are vulnerable.
GoodReader 3.15.1 and prior versions for iPhone and iPod touch are vulnerable.
Vendor as issued an updated vulnerability.
Initial Release: Published: Aug 07 2012