The vulnerable versions are v2.2.2.1611 and earlier Proof of Concept: HTML Email including the following payload will execute Javascript statements when the victim open the email using the vulnerable version. Payload: <body> <div> <script>alert('XSS Here')</script> </div> </body> Remediation: I worked with the Good people to close the issue, I provided some guidance and feedback and agreed with them to not disclose it until they fix it. The new release is now available: Update the "Good for Enterprise" iOS application to 2.2.4.1659 or newer References: https://www.roblest.com/#research:CVE-2013-5118 Can the comunity please provide feedback and comments in order to ensure the fix is working well Many thanks MarioБрой прочитания на тази страница: 921
Good for Enterprise 2.2.2.1611 – XSS Vulnerability