Vulnerability CVE-2020-25203
Published: 2020-09-25

Description:
The Framer Preview application 12 for Android exposes com.framer.viewer.FramerViewActivity to other applications. By calling the intent with the action set to android.intent.action.VIEW, any other application is able to load any website/web content into the application's context, which is shown as a full-screen overlay to the user.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Framer Preview 12 Content Injection
Julien Ahrens
23.09.2020

Type:

CWE-926

 References:
http://packetstormsecurity.com/files/159264/Framer-Preview-12-Content-Injection.html
https://rcesecurity.com
Copyright 2024, cxsecurity.com

 

Back to Top