[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVE-2013-5118 - XSS Good for Enterprise iOS


Last month I identified a XSS vulnerability in the Good for Enterprise iOS application.

The vulnerable versions are v2.2.2.1611 and earlier
Proof of Concept:
HTML Email including the following payload will execute Javascript statements when the victim open the email using the vulnerable version.
<script>alert('XSS Here')</script>
I worked with the Good people to close the issue, I provided some guidance and feedback and agreed with them to not disclose it until they fix it.

The new release is now available:
Update the "Good for Enterprise" iOS application to or newer

Can the comunity please provide feedback and comments in order to ensure the fix is working well

Many thanks