VYPR
Unrated severityNVD Advisory· Published Sep 11, 2020· Updated Aug 4, 2024

Xamarin.Forms Spoofing Vulnerability

CVE-2020-16873

Description

A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. This vulnerability could allow an attacker to execute arbitrary Javascript code on a target system. For the attack to be successful, the targeted user would need to browse to a malicious website or a website serving the malicious code through Xamarin.Forms. The security update addresses this vulnerability by preventing the malicious Javascript from running in the WebView.

Affected products

2
  • Microsoft/Xamarin.Formscpe-rescue2 versions
    cpe:2.3:a:microsoft:xamarin.forms:-:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:microsoft:xamarin.forms:-:*:*:*:*:*:*:*range: 83.0.0
    • (no CPE)

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.