Vulnerability Details : CVE-2020-25203
The Framer Preview application 12 for Android exposes com.framer.viewer.FramerViewActivity to other applications. By calling the intent with the action set to android.intent.action.VIEW, any other application is able to load any website/web content into the application's context, which is shown as a full-screen overlay to the user.
Products affected by CVE-2020-25203
- cpe:2.3:a:framer:framer_preview:12.0:*:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-25203
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 39 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-25203
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.9
|
LOW | AV:L/AC:M/Au:N/C:N/I:P/A:N |
3.4
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
1.8
|
3.6
|
NIST |
References for CVE-2020-25203
-
http://packetstormsecurity.com/files/159264/Framer-Preview-12-Content-Injection.html
Framer Preview 12 Content Injection ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://rcesecurity.com
Broken Link
Jump to