An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code (that accesses a user's data) via cross-origin requests.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-05-17T23:05:30
Updated: 2024-08-05T02:53:09.014Z
Reserved: 2020-05-17T00:00:00
Link: CVE-2019-20801
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-05-18T00:15:11.393
Modified: 2024-11-21T04:39:23.743
Link: CVE-2019-20801
Redhat
No data.