Good for Enterprise 2.2.2.1611 - XSS Vulnerability [Anonymoused]

2013-09-25 18:05:06

The vulnerable versions are v2.2.2.1611 and earlier

Proof of Concept:
HTML Email including the following payload will execute Javascript statements when the victim open the email using the vulnerable version.

Payload:
<body>
<div>
<script>alert('XSS Here')</script>
</div>
</body>

Remediation:
I worked with the Good people to close the issue, I provided some guidance and feedback and agreed with them to not disclose it until they fix it.

The new release is now available:
Update the "Good for Enterprise" iOS application to 2.2.4.1659 or newer

References:
https://www.roblest.com/#research:CVE-2013-5118

Can the comunity please provide feedback and comments in order to ensure the fix is working well

Many thanks

Mario

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.