CVE-2020-16873 MEDIUM

CVE-2020-16873: Xamarin.Forms Spoofing Vulnerability

Vendor Microsoft
Product xamarin.forms
Published September 11, 2020
Last update August 4, 2024

CVSS base score

4.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C/CR:M/MAV:N/MAC:L/MPR:N/MUI:R/MS:C

What the vulnerability does

01 Description

A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. This vulnerability could allow an attacker to execute arbitrary Javascript code on a target system.

For the attack to be successful, the targeted user would need to browse to a malicious website or a website serving the malicious code through Xamarin.Forms.

The security update addresses this vulnerability by preventing the malicious Javascript from running in the WebView.

Key dates

02 Disclosure timeline

September 11, 2020 CVE published
August 4, 2024 Record updated