Vulnerability Details CVE-2020-16873
<p>A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. This vulnerability could allow an attacker to execute arbitrary Javascript code on a target system.</p>
<p>For the attack to be successful, the targeted user would need to browse to a malicious website or a website serving the malicious code through Xamarin.Forms.</p>
<p>The security update addresses this vulnerability by preventing the malicious Javascript from running in the WebView.</p>
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 84.4%
CVSS Severity
CVSS v3 Score 4.7
CVSS v2 Score 6.8
References
Products affected by CVE-2020-16873
-
cpe:2.3:a:google:chrome:38.0.2125.101
-
cpe:2.3:a:google:chrome:40.0.2214.109
-
cpe:2.3:a:google:chrome:40.0.2214.89
-
cpe:2.3:a:google:chrome:42.0.2311.107
-
cpe:2.3:a:google:chrome:54.0.2840.68
-
cpe:2.3:a:microsoft:xamarin.forms:-