Vulnerabilities > CVE-2020-16873 - Insecure Default Initialization of Resource vulnerability in Microsoft Xamarin.Forms

CVSS 4.7 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

microsoft

CWE-1188

NVD

Published: 2020-09-11

Updated: 2023-12-31

Summary

A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. This vulnerability could allow an attacker to execute arbitrary Javascript code on a target system. For the attack to be successful, the targeted user would need to browse to a malicious website or a website serving the malicious code through Xamarin.Forms. The security update addresses this vulnerability by preventing the malicious Javascript from running in the WebView.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Xamarin.Forms -	1
Application	Google Google Chrome *	1

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16873