CVE-2020-16873

Good to know:


Date: September 11, 2020

A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView versions prior to 83.0.4103.106. This vulnerability could allow an attacker to execute arbitrary JavaScript code on a target system.

For the attack to be successful, the targeted user would need to browse to a malicious website or a website serving the malicious code through Xamarin.Forms.

The security update addresses this vulnerability by preventing the malicious JavaScript from running in the WebView.

Language: C#

Severity Score

Weakness Type (CWE)

Initialization of a Resource with an Insecure Default

CWE-1188

Top Fix

Upgrade Version

Upgrade to version FreshMvvm - 0.0.2;Virteom.Tenant.Mobile.Framework.iOS - 0.20.41.103-prerelease;DK.Expressions.Shell - 4.1.8.1908121828;DK.Expressions.Shell - 4.1.8.1908222151;DK.Expressions.Shell - 4.1.8.2017;DK.Expressions.Shell - 4.1.10.2011151623;DK.Expressions.Shell - no_fix;DK.Expressions.Shell - 4.1.8.1908221706;Xam.DomainNotificationHelper - no_fix;GetIt - 2.0.0-beta0001;Omi.Xamarin.Forms.BarcodeX - no_fix;ControlesCustoms.Standard - no_fix;GoogleVisionBarCodeScannerV - 1.0.12;GoogleVisionBarCodeScannerV - 1.0.4;GoogleVisionBarCodeScannerV - 1.0.9;BarcodeScanner.XF - 4.5.0.1;TestEnsighten - no_fix;RT.Forms - no_fix;Virteom.Tenant.Mobile.Framework - 1.0.1;Apalla.Bubu.XF - 3.0.0.268;Apalla.Bubu.XF - 3.0.0.264;Apalla.Bubu.XF - 3.0.0.245;BlockAppsSDK - 1.0.4-alpha;NugetTest.Kiran - no_fix;LeoJHarris.XForms.Plugin.EnhancedEntry - 1.0.6;AlpacaExtras - 0.1.10;Xamarin.Agora.Full.Forms - 2.3.3-beta1;Plugin.XF.TouchID - 2.0.0;IncCustomControl - 1.0.1;Virteom.Tenant.Mobile.Bluetooth.iOS - 0.20.41.103-prerelease;Virteom.Tenant.Mobile.Framework.Android - 0.20.41.103-prerelease;InTheHand.Forms.Maps.Platform.WinRT - 2.0.60301;InTheHand.Forms.Maps.Platform.WinRT - 2.0.1215.1;Xamarin.Forms - 4.7.0.1351+488-sha.2202e3e4f-azdo.4011218;Xamarin.Forms - 4.8.0.1364+352-sha.dfb866be1-azdo.4018739;BarCodeGoogleVisio - no_fix;PhantomLib - 2.0.6;Xamarin.Flexible.Page - no_fix;EZCompress - no_fix;easterapps.xamarin.forms.imagebutton - 1.0.5;easterapps.xamarin.forms.imagebutton - 1.0.7;EasyLayout.Forms - 1.2.0;XForms.Plugin.AnimationNavigationPage - 1.0.7;com.ziti.marioneta - 0.2.0;Virteom.Tenant.Mobile.Bluetooth.Android - 0.20.41.103-prerelease;MIkeNiu.Xamarin.Forms - no_fix;zch.SparkXamarin - no_fix;Xamarians.CropImage - 1.0.2;Tavant.XToolkit.MultiTabPage - 1.0.1;com.nitrocrime.XamarinPainter - 0.1.2;SharedSpace.ExpandableList - no_fix;Ensighten.FormsPlugin - 1.2.1;DL.UITheme - no_fix;Wabou.Navigation - no_fix;XamarinIxcys - no_fix;XamarinFormsLive - 1.0.30;Xam.DomainNotificationHelper.Prism.Unity - no_fix;Xamarin.Flexible.Ahmet_Cavus - no_fix;Xamarin.Plugin.BarcodeX - no_fix

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:
