Vulnerabilities > CVE-2013-2317 - Cross-Site Scripting vulnerability in Apache OFBiz

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
fenrir-inc
google
NVD
Published: 2013-06-03
Updated: 2013-06-04

Summary

The Sleipnir Mobile application 2.9.1 and earlier and Sleipnir Mobile Black Edition application 2.9.1 and earlier for Android allow remote attackers to spoof the address bar via vectors involving the opening of a new window.

Vulnerable Configurations

Part Description Count
Application
Fenrir-Inc
63
OS
Google
1

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 60200 CVE(CAN) ID: CVE-2013-2317 Sleipnir Mobile for Android一款手机Android Web浏览器。 Sleipnir Mobile for Android 2.10.0之前版本、Sleipnir Mobile Black Edition for Android 2.10.0之前版本存在地址栏欺骗漏洞,攻击者可利用此漏洞进行钓鱼等其他内容欺骗攻击。 0 Sleipnir Mobile for Android Sleipnir Mobile for Android 厂商补丁: Sleipnir Mobile for Android --------------------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: https://play.google.com/store/apps/details?id=jp.co.fenrir.android.sleipnir&hl=zh_CN
idSSV:60820
last seen2017-11-19
modified2013-06-01
published2013-06-01
reporterRoot
titleSleipnir Mobile for Android地址栏欺骗漏洞(CVE-2013-2317)

References