ID

VAR-201208-0739


CVE

CVE-2012-2648


TITLE

GoodReader vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2012-000073

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser. GoodReader is a document reader for Apple mobile devices. Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. When GoodReader is used through a web browser, an arbitrary script may be executed on the user's web browser. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. GoodReader 3.16 and prior versions for iPad are vulnerable. GoodReader 3.15.1 and prior versions for iPhone and iPod touch are vulnerable.

Trust: 1.98

sources: NVD: CVE-2012-2648 // JVNDB: JVNDB-2012-000073 // BID: 54872 // VULHUB: VHN-55929

AFFECTED PRODUCTS

vendor: goodiware, model: goodreader, scope: eq, version: 2.7

Trust: 1.6

vendor: goodiware, model: goodreader, scope: eq, version: 2.6

Trust: 1.6

vendor: goodiware, model: goodreader, scope: eq, version: 2.4

Trust: 1.6

vendor: goodiware, model: goodreader, scope: eq, version: 2.2

Trust: 1.6

vendor: goodiware, model: goodreader, scope: eq, version: 2.5.1

Trust: 1.6

vendor: goodiware, model: goodreader, scope: eq, version: 2.3

Trust: 1.6

vendor: goodiware, model: goodreader, scope: eq, version: 2.1

Trust: 1.6

vendor: goodiware, model: goodreader, scope: eq, version: 2.5

Trust: 1.6

vendor: goodiware, model: goodreader, scope: eq, version: 1.1

Trust: 1.6

vendor: goodiware, model: goodreader, scope: eq, version: 2.0

Trust: 1.6

vendor: goodiware, model: goodreader, scope: eq, version: 3.15.1

Trust: 1.3

vendor: goodiware, model: goodreader, scope: eq, version: 3.1.2

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.10.3

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.11.1

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.2.0

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.10.1

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.13.1

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.3.0

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.15.0

Trust: 1.0

vendor: goodiware, model: goodreader, scope: lte, version: 3.15.1

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 2.8.5

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 2.8.2

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.0.2

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.2.3

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.4.0

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.5.0

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.8.0

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.11.0

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.10.0

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.7.0

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.14.0

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.14.2

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.0.3

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.5.1

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.6.0

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.14.1

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.12.1

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.13.0

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.10.2

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.3.1

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.2.1

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.7.1

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.6.1

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 2.8.4

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 2.8

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.0.1

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.4.1

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 2.7.4

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.8.1

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.1.0

Trust: 1.0

vendor: goodiware, model: goodreader, scope: lte, version: 3.16

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.0.0

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.9.0

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.9.1

Trust: 1.0

vendor: goodiware, model: goodreader, scope: eq, version: 3.12.0

Trust: 1.0

vendor: goodiware, model: goodreader, scope: lte, version: for ipad 3.16

Trust: 0.8

vendor: goodiware, model: goodreader, scope: lte, version: for iphone / ipod touch 3.15.1

Trust: 0.8

vendor: goodiware, model: goodreader, scope: eq, version: 3.16

Trust: 0.3

vendor: goodiware, model: goodreader, scope: ne, version: 3.17.1

Trust: 0.3

vendor: goodiware, model: goodreader, scope: ne, version: 3.17

Trust: 0.3

sources: BID: 54872 // JVNDB: JVNDB-2012-000073 // CNNVD: CNNVD-201208-053 // NVD: CVE-2012-2648

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-2648
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2012-000073
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201208-053
value: MEDIUM

Trust: 0.6

VULHUB: VHN-55929
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-2648
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2012-000073
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-55929
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-55929 // JVNDB: JVNDB-2012-000073 // CNNVD: CNNVD-201208-053 // NVD: CVE-2012-2648

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-55929 // JVNDB: JVNDB-2012-000073 // NVD: CVE-2012-2648

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201208-053

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201208-053

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-000073

PATCH

title: GoodReader, url: http://www.goodiware.com/goodreader.html

Trust: 0.8

title: Apple iPad/iPhone/iPod touch iOS Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203177

Trust: 0.6

sources: JVNDB: JVNDB-2012-000073 // CNNVD: CNNVD-201208-053

EXTERNAL IDS

db: NVD, id: CVE-2012-2648

Trust: 2.8

db: JVN, id: JVN01598734

Trust: 2.8

db: JVNDB, id: JVNDB-2012-000073

Trust: 2.5

db: CNNVD, id: CNNVD-201208-053

Trust: 0.7

db: BID, id: 54872

Trust: 0.4

db: VULHUB, id: VHN-55929

Trust: 0.1

sources: VULHUB: VHN-55929 // BID: 54872 // JVNDB: JVNDB-2012-000073 // CNNVD: CNNVD-201208-053 // NVD: CVE-2012-2648

REFERENCES

url: http://jvn.jp/en/jp/jvn01598734/index.html

Trust: 2.8

url: http://jvndb.jvn.jp/jvndb/jvndb-2012-000073

Trust: 1.7

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2648

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2648

Trust: 0.8

url: http://software.cisco.com/download/navigator.html?mdfid=283613663

Trust: 0.3

url: http://www.goodreader.net/goodreader.html

Trust: 0.3

sources: VULHUB: VHN-55929 // BID: 54872 // JVNDB: JVNDB-2012-000073 // CNNVD: CNNVD-201208-053 // NVD: CVE-2012-2648

CREDITS

Keigo Yamazaki of LAC Co. Ltd

Trust: 0.3

sources: BID: 54872

SOURCES

db: VULHUB, id: VHN-55929
db: BID, id: 54872
db: JVNDB, id: JVNDB-2012-000073
db: CNNVD, id: CNNVD-201208-053
db: NVD, id: CVE-2012-2648

LAST UPDATE DATE

2024-11-23T22:27:31.464000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-55929, date: 2012-08-10T00:00:00
db: BID, id: 54872, date: 2012-08-07T00:00:00
db: JVNDB, id: JVNDB-2012-000073, date: 2012-08-02T00:00:00
db: CNNVD, id: CNNVD-201208-053, date: 2022-08-10T00:00:00
db: NVD, id: CVE-2012-2648, date: 2024-11-21T01:39:21.223

SOURCES RELEASE DATE

db: VULHUB, id: VHN-55929, date: 2012-08-07T00:00:00
db: BID, id: 54872, date: 2012-08-07T00:00:00
db: JVNDB, id: JVNDB-2012-000073, date: 2012-08-02T00:00:00
db: CNNVD, id: CNNVD-201208-053, date: 2012-08-08T00:00:00
db: NVD, id: CVE-2012-2648, date: 2012-08-07T19:55:02.187