Vulnerabilities > CVE-2020-25203 - Unspecified vulnerability in Framer Preview 12.0

CVSS 1.9 - LOW

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

local

framer

NVD

Published: 2020-09-25

Updated: 2020-10-06

Summary

The Framer Preview application 12 for Android exposes com.framer.viewer.FramerViewActivity to other applications. By calling the intent with the action set to android.intent.action.VIEW, any other application is able to load any website/web content into the application's context, which is shown as a full-screen overlay to the user.

Vulnerable Configurations

Part	Description	Count
Application	Framer Framer Framer Preview 12.0	1

References

http://packetstormsecurity.com/files/159264/Framer-Preview-12-Content-Injection.html
https://rcesecurity.com