[Japanese] | |
JVNDB-2015-000179 | |
applican vulnerable to script injection | |
Overview | |
applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in proccessing URL. | |
CVSS Severity (What is CVSS?) | |
CVSS V2 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
| |
Affected Products | |
| |
Newphoria Corporation | |
Applications built using applican above are affected by this vulnerability. | |
Impact | |
When a user accesses a specially crafted URL through an application built using applican, an arbitrary script may be executed leading to an arbitrary API being called. | |
Solution | |
[Update applican and rebuild the application] | |
Vendor Information | |
Newphoria Corporation | |
CWE (What is CWE?) | |
| |
CVE (What is CVE?) | |
| |
References | |
| |
Revision History | |
|
Date Public | 2015/11/17 |
Date First Published | 2015/11/17 |
Date Last Updated | 2015/11/24 |