We're using the Data Theorem mobile security tool and getting the following high priority alert:
Google Play Blocker: Cross App Scripting Vulnerability
The following Java or Kotlin Activities contain WebViews that are vulnerable to Cross App Scripting: com.box.androidsdk.content.auth.OAuthActivity
WebViews that enable JavaScript and load data read from untrusted Intents can be tricked by malicious Apps into executing JavaScript code in an unsafe context.
Is this a known issue? Is there a plan for getting it fixed?
I can post their recommended solutions if needed.
*. We're currently using version 5.0.0, which is available on Maven, but I can't find any reference for it in the repository releases. Should we change it to the latest one shown here (4.2.3)?
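The alert quoted above is about URLs read from an Intent and loaded into a JavaScript-enabled WebView. As an added example (not code from the Box SDK or from Data Theorem), here is a check an Activity could run on an Intent-supplied URL before passing it to `WebView.loadUrl`; the class name, method name and the allowlisted host are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

public class IntentUrlGuard {
    // Assumption: the only host this WebView ever needs; replace with your own.
    private static final Set<String> ALLOWED_HOSTS =
            new HashSet<>(Arrays.asList("account.box.com"));

    /** Returns true only for an https URL on an exactly matching allowlisted host. */
    public static boolean isSafeToLoad(String candidate) {
        if (candidate == null) return false;
        final URI uri;
        try {
            uri = new URI(candidate.trim());
        } catch (URISyntaxException e) {
            return false; // malformed input is rejected, never "repaired"
        }
        // Rejects javascript:, file:, content:, data:, intent: and plain http.
        if (!"https".equalsIgnoreCase(uri.getScheme())) return false;
        // Rejects URLs that put a trusted-looking name in the userinfo part.
        if (uri.getRawUserInfo() != null) return false;
        String host = uri.getHost();
        if (host == null) return false; // opaque or registry-based URI
        if (uri.getPort() != -1 && uri.getPort() != 443) return false;
        // Exact match, so a trusted name used as a prefix of another host fails.
        return ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        // Constructed sample inputs standing in for an Intent extra.
        String[] constructed = {
            "https://account.box.com/api/oauth2/authorize?response_type=code",
            "javascript:alert(1)",
            "file:///data/data/com.example/shared_prefs/auth.xml",
            "http://account.box.com/",
            "https://account.box.com@evil.example/",
            "https://account.box.com.evil.example/",
            "https://ACCOUNT.BOX.COM:443/",
        };
        for (String s : constructed) {
            System.out.println((isSafeToLoad(s) ? "load   " : "reject ") + s);
        }
    }
}
```

In an Activity, the call belongs immediately before `loadUrl`, with the Activity finishing instead of loading when the check fails.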