Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29845
HistoryOct 01, 2013 - 12:00 a.m.

CVE-2013-5118 - XSS Good for Enterprise iOS

2013-10-0100:00:00
vulners.com
15
JSON

Hello,

Last month I identified a XSS vulnerability in the Good for Enterprise iOS application.

The vulnerable versions are v2.2.2.1611 and earlier

Proof of Concept:
HTML Email including the following payload will execute Javascript statements when the victim open the email using the vulnerable version.

Payload:
<body>
<div>
<script>alert('XSS Here')</script>
</div>
</body>

Remediation:
I worked with the Good people to close the issue, I provided some guidance and feedback and agreed with them to not disclose it until they fix it.

The new release is now available:
Update the "Good for Enterprise" iOS application to 2.2.4.1659 or newer

References:
https://www.roblest.com/#research:CVE-2013-5118

Can the comunity please provide feedback and comments in order to ensure the fix is working well

Many thanks

Mario

Related

zdt 1
seebug 1
cve 1
prion 1
packetstorm 1
exploitpack 1
exploitdb 1
zdt
zdt
Good for Enterprise 2.2.2.1611 - XSS Vulnerability
2013-09-25 00:00:00
seebug
seebug
Good for Enterprise 2.2.2.1611 - XSS Vulnerability
2014-07-01 00:00:00
cve
cve
CVE-2013-5118
2013-09-25 10:31:00
prion
prion
Cross site scripting
2013-09-25 10:31:00
packetstorm
packetstorm
Good For Enterprise 2.2.2.1611 Cross Site Scripting
2013-09-24 00:00:00
exploitpack
exploitpack
Good for Enterprise 2.2.2.1611 - Cross-Site Scripting
2013-09-25 00:00:00
exploitdb
exploitdb
Good for Enterprise 2.2.2.1611 - Cross-Site Scripting
2013-09-25 00:00:00
JSON
Related for SECURITYVULNS:DOC:29845
zdt1seebug1cve1prion1packetstorm1exploitpack1exploitdb1