CVE-2020-16873: Xamarin.Forms Spoofing Vulnerability

Overview

Severity

Medium (CVSS 4.7)

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C/CR:M/MAV:N/MAC:L/MPR:N/MUI:R/MS:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2020-Sep

Released

2020-09-08

EPSS Score

1.19% (percentile: 78.9%)

Description

A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. This vulnerability could allow an attacker to execute arbitrary Javascript code on a target system. For the attack to be successful, the targeted user would need to browse to a malicious website or a website serving the malicious code through Xamarin.Forms. The security update addresses this vulnerability by preventing the malicious Javascript from running in the WebView.

Affected Products (1)

Other

• 11787

Security Updates (1)

• Release Notes

Acknowledgments

<a href="https://AlesandroOrtiz.com">Alesandro Ortiz</a>

Revision History

• 2020-09-08: Information published.