CVE-2020-37087 MEDIUM

CVE-2020-37087: Easy Transfer 1.7 for iOS - Persistent Cross-Site Scripting

Vendor Rubikon Teknoloji
Product Easy Transfer
Weakness CWE-79 · XSS
Published February 3, 2026
Last update February 4, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input validation via POST requests to execute arbitrary JavaScript in the context of the mobile web application.

Key dates

02Disclosure timeline

February 3, 2026 CVE published
February 4, 2026 Record updated

Related vulnerabilities

04Related CVE