The vulnerable versions are v2.2.2.1611 and earlier
Proof of Concept:
HTML Email including the following payload will execute Javascript statements when the victim open the email using the vulnerable version.
<script>alert('XSS Here')</script>
I worked with the Good people to close the issue, I provided some guidance and feedback and agreed with them to not disclose it until they fix it.

The new release is now available:
Update the "Good for Enterprise" iOS application to or newer

Can the comunity please provide feedback and comments in order to ensure the fix is working well

Many thanks

Rate this post
Брой прочитания на тази страница: 816
Good for Enterprise – XSS Vulnerability
Tagged on:

Вашият коментар

Вашият имейл адрес няма да бъде публикуван. Задължителните полета са отбелязани с *