Medium severity6.1NVD Advisory· Published May 18, 2020· Updated Jun 17, 2026
CVE-2019-20802
CVE-2019-20802
Description
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server improperly displays directory names, leading to Stored XSS, which may be used to steal a user's data. This requires user interaction because there is no known direct way for an attacker to create a crafted directory name on a victim's device. However, a crafted directory name can occur if a victim extracts a ZIP archive that was provided by an attacker.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Readdle/Documents appdescription
Patches
Vulnerability mechanics
References
2- logicaltrust.net/blog/2019/12/documents.htmlnvdExploitThird Party Advisory
- apps.apple.com/us/app/documents-by-readdle/id364901807nvdProductRelease Notes
News mentions
0No linked articles in our index yet.