Search criteria
4 vulnerabilities found for GoodReader by GoodiWare
VAR-201208-0739
Vulnerability from variot - Updated: 2025-04-11 22:59Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser. GoodReader contains a cross-site scripting vulnerability. GoodReader is a document reader for Apple mobile devices. GoodReader contains a cross-site scripting vulnerability. Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.When GoodReader is used through a web browser, an arbitrary script may be executed on the user's web browser. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. GoodReader 3.16 and prior versions for iPad are vulnerable. GoodReader 3.15.1 and prior versions for iPhone and iPod touch are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201208-0739",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "goodreader",
"scope": "eq",
"trust": 1.6,
"vendor": "goodiware",
"version": "2.7"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.6,
"vendor": "goodiware",
"version": "2.6"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.6,
"vendor": "goodiware",
"version": "2.4"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.6,
"vendor": "goodiware",
"version": "2.2"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.6,
"vendor": "goodiware",
"version": "2.5.1"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.6,
"vendor": "goodiware",
"version": "2.3"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.6,
"vendor": "goodiware",
"version": "2.1"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.6,
"vendor": "goodiware",
"version": "2.5"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.6,
"vendor": "goodiware",
"version": "1.1"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.6,
"vendor": "goodiware",
"version": "2.0"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.3,
"vendor": "goodiware",
"version": "3.15.1"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "2.8.4"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.4.1"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.14.2"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.3.1"
},
{
"model": "goodreader",
"scope": "lte",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.16"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.0.0"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.11.0"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.14.0"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.14.1"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "2.8.5"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.8.0"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.12.0"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "2.7.4"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.8.1"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.7.1"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.3.0"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.2.1"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.5.0"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.1.0"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "2.8.2"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.6.0"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.5.1"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.9.0"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.9.1"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.10.2"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.10.1"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.7.0"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.13.1"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.12.1"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.4.0"
},
{
"model": "goodreader",
"scope": "lte",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.15.1"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "2.8"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.6.1"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.0.1"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.0.2"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.2.0"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.2.3"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.10.0"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.0.3"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.15.0"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.10.3"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.1.2"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.11.1"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 1.0,
"vendor": "goodiware",
"version": "3.13.0"
},
{
"model": "goodreader",
"scope": "lte",
"trust": 0.8,
"vendor": "goodiware",
"version": "for ipad 3.16"
},
{
"model": "goodreader",
"scope": "lte",
"trust": 0.8,
"vendor": "goodiware",
"version": "for iphone / ipod touch 3.15.1"
},
{
"model": "goodreader",
"scope": "eq",
"trust": 0.3,
"vendor": "goodiware",
"version": "3.16"
},
{
"model": "goodreader",
"scope": "ne",
"trust": 0.3,
"vendor": "goodiware",
"version": "3.17.1"
},
{
"model": "goodreader",
"scope": "ne",
"trust": 0.3,
"vendor": "goodiware",
"version": "3.17"
}
],
"sources": [
{
"db": "BID",
"id": "54872"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000073"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-053"
},
{
"db": "NVD",
"id": "CVE-2012-2648"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:goodiware:goodreader",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-000073"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Keigo Yamazaki of LAC Co. Ltd",
"sources": [
{
"db": "BID",
"id": "54872"
}
],
"trust": 0.3
},
"cve": "CVE-2012-2648",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2012-2648",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2012-000073",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-55929",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-2648",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2012-000073",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201208-053",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-55929",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55929"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000073"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-053"
},
{
"db": "NVD",
"id": "CVE-2012-2648"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser. GoodReader contains a cross-site scripting vulnerability. GoodReader is a document reader for Apple mobile devices. GoodReader contains a cross-site scripting vulnerability. Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.When GoodReader is used through a web browser, an arbitrary script may be executed on the user\u0027s web browser. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. \nGoodReader 3.16 and prior versions for iPad are vulnerable. \nGoodReader 3.15.1 and prior versions for iPhone and iPod touch are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2648"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000073"
},
{
"db": "BID",
"id": "54872"
},
{
"db": "VULHUB",
"id": "VHN-55929"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-2648",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVN01598734",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000073",
"trust": 2.5
},
{
"db": "CNNVD",
"id": "CNNVD-201208-053",
"trust": 0.7
},
{
"db": "BID",
"id": "54872",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-55929",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55929"
},
{
"db": "BID",
"id": "54872"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000073"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-053"
},
{
"db": "NVD",
"id": "CVE-2012-2648"
}
]
},
"id": "VAR-201208-0739",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-55929"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T22:59:15.880000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GoodReader",
"trust": 0.8,
"url": "http://www.goodiware.com/goodreader.html"
},
{
"title": "Apple iPad/iPhone/iPod touch iOS Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203177"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-000073"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-053"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55929"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000073"
},
{
"db": "NVD",
"id": "CVE-2012-2648"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn01598734/index.html"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2012-000073"
},
{
"trust": 1.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2648"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2648"
},
{
"trust": 0.3,
"url": "http://software.cisco.com/download/navigator.html?mdfid=283613663"
},
{
"trust": 0.3,
"url": "http://www.goodreader.net/goodreader.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55929"
},
{
"db": "BID",
"id": "54872"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000073"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-053"
},
{
"db": "NVD",
"id": "CVE-2012-2648"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-55929"
},
{
"db": "BID",
"id": "54872"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000073"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-053"
},
{
"db": "NVD",
"id": "CVE-2012-2648"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-07T00:00:00",
"db": "VULHUB",
"id": "VHN-55929"
},
{
"date": "2012-08-07T00:00:00",
"db": "BID",
"id": "54872"
},
{
"date": "2012-08-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-000073"
},
{
"date": "2012-08-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-053"
},
{
"date": "2012-08-07T19:55:02.187000",
"db": "NVD",
"id": "CVE-2012-2648"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-55929"
},
{
"date": "2012-08-07T00:00:00",
"db": "BID",
"id": "54872"
},
{
"date": "2012-08-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-000073"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-053"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-2648"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-053"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GoodReader vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-000073"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-053"
}
],
"trust": 0.6
}
}
CVE-2012-2648 (GCVE-0-2012-2648)
Vulnerability from nvd – Published: 2012-08-07 19:00 – Updated: 2024-09-16 16:34
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:32.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#01598734",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN01598734/index.html"
},
{
"name": "JVNDB-2012-000073",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-07T19:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#01598734",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN01598734/index.html"
},
{
"name": "JVNDB-2012-000073",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000073"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-2648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#01598734",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN01598734/index.html"
},
{
"name": "JVNDB-2012-000073",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000073"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2012-2648",
"datePublished": "2012-08-07T19:00:00Z",
"dateReserved": "2012-05-14T00:00:00Z",
"dateUpdated": "2024-09-16T16:34:04.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2648 (GCVE-0-2012-2648)
Vulnerability from cvelistv5 – Published: 2012-08-07 19:00 – Updated: 2024-09-16 16:34
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:32.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#01598734",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN01598734/index.html"
},
{
"name": "JVNDB-2012-000073",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-07T19:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#01598734",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN01598734/index.html"
},
{
"name": "JVNDB-2012-000073",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000073"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-2648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#01598734",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN01598734/index.html"
},
{
"name": "JVNDB-2012-000073",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000073"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2012-2648",
"datePublished": "2012-08-07T19:00:00Z",
"dateReserved": "2012-05-14T00:00:00Z",
"dateUpdated": "2024-09-16T16:34:04.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2012-000073
Vulnerability from jvndb - Published: 2012-08-02 14:46 - Updated:2012-08-02 14:46Summary
GoodReader vulnerable to cross-site scripting
Details
GoodReader contains a cross-site scripting vulnerability.
GoodReader is a document reader for Apple mobile devices. GoodReader contains a cross-site scripting vulnerability.
Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000073.html",
"dc:date": "2012-08-02T14:46+09:00",
"dcterms:issued": "2012-08-02T14:46+09:00",
"dcterms:modified": "2012-08-02T14:46+09:00",
"description": "GoodReader contains a cross-site scripting vulnerability.\r\n\r\nGoodReader is a document reader for Apple mobile devices. GoodReader contains a cross-site scripting vulnerability.\r\n\r\nKeigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000073.html",
"sec:cpe": {
"#text": "cpe:/a:goodiware:goodreader",
"@product": "GoodReader",
"@vendor": "GoodiWare",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000073",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN01598734/index.html",
"@id": "JVN#01598734",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2648",
"@id": "CVE-2012-2648",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2648",
"@id": "CVE-2012-2648",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "GoodReader vulnerable to cross-site scripting"
}