[CVE-2020-25203] Frame Preview "com.framer.viewer.FramerViewActivity" Arbitrary URL Loading

Posted by Julien Ahrens (RCE Security) on Sep 22

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Framer Preview
Vendor URL: https://play.google.com/store/apps/details?id=com.framerjs.android
Type: Improper Export of Android Application Components [CWE-926]
Date found: 2020-09-06
Date published: 2020-09-22
CVSSv3 Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVE: CVE-2020-25203

2….

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Original Source

Tags: cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

[CVE-2020-25203] Frame Preview “com.framer.viewer.FramerViewActivity” Arbitrary URL Loading

Original Source

HackerOne Bug Bounty Disclosure: rxss-in-hidden-parameter-hassan-sheet

HackerOne Bug Bounty Disclosure: jira-credential-disclosure-within-mozilla-slack-griffinf

CISA: CISA Releases Two Industrial Control Systems Advisories

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

CACTUS Ransomware Victim: https://www[.]ebir[.]com/

Original Source

You may have missed

HackerOne Bug Bounty Disclosure: rxss-in-hidden-parameter-hassan-sheet

HackerOne Bug Bounty Disclosure: jira-credential-disclosure-within-mozilla-slack-griffinf

CISA: CISA Releases Two Industrial Control Systems Advisories

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

CACTUS Ransomware Victim: https://www[.]ebir[.]com/