What is CVE-2020-16873?

A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. This vulnerability could allow an attacker to execute arbitrary Javascript code on a target system. For the attack to be successful, the targeted user would need to browse to a malicious website or a website serving the malicious code through Xamarin.Forms. The security update addresses this vulnerability by preventing the malicious Javascript from running in the WebView.

How severe is CVE-2020-16873?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2020-16873?

This is classified as CWE-1188, which is a common weakness in software security.

CVE-2020-16873

HIGH Year: 2020

CVSS v3 Score

8.8

High

CVSS v2 Score

6.8

Medium

Weakness Type

CWE-1188

View all →

Vulnerability Description

A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. This vulnerability could allow an attacker to execute arbitrary Javascript code on a target system. For the attack to be successful, the targeted user would need to browse to a malicious website or a website serving the malicious code through Xamarin.Forms. The security update addresses this vulnerability by preventing the malicious Javascript from running in the WebView.

CVE-2017-6684

HIGH

CVSS:8.8(High)

A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnera...

CWE-11882017

CVE-2017-6685

HIGH

CVSS:8.8(High)

A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, ...

CWE-11882017

CVE-2017-6686

HIGH

CVSS:8.8(High)

A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affected...

CWE-11882017

CVE-2017-6687

HIGH

CVSS:8.8(High)

A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default cre...

CWE-11882017

CVE-2017-6688

HIGH

CVSS:8.8(High)

A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerabili...

CWE-11882017

CVE-2017-6689

HIGH

CVSS:8.8(High)

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Administ...

CWE-11882017

CVE-2020-16873

Vulnerability Description

Related Vulnerabilities

CVE-2017-6684

CVE-2017-6685

CVE-2017-6686

CVE-2017-6687

CVE-2017-6688

CVE-2017-6689