Summary
| Detail | |||
|---|---|---|---|
| Vendor | Readdle | First view | 2020-05-18 |
| Product | Documents | Last view | 2020-05-18 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:a:readdle:documents:*:*:*:*:*:iphone_os:*:* | 2 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.1 | 2020-05-18 | CVE-2019-20802 | An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server improperly displays directory names, leading to Stored XSS, which may be used to steal a user's data. This requires user interaction because there is no known direct way for an attacker to create a crafted directory name on a victim's device. However, a crafted directory name can occur if a victim extracts a ZIP archive that was provided by an attacker. |
| 5.3 | 2020-05-18 | CVE-2019-20801 | An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code (that accesses a user's data) via cross-origin requests. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
