A cross-site request forgery (CSRF) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to hijack the authentication of arbitrary users by exploiting a misconfigured site.

A cross-site scripting (XSS) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to execute arbitrary JavaScript code in users’ browser sessions via a crafted string.

Parts of the vulnerable application

The application is vulnerable in three different parts:
1. CSRF vulnerability
2. XSS vulnerability
3. CSRF vulnerability

Operation Scenarios

1. An attacker wants to steal personal information from the victim
2. An attacker wants to access the victim's account
3. An attacker wants to get into the social media account of the victim
4. An attacker has a way of getting into the victim's email account
5. The attacker is able to install malware on the victim's device

Timeline

Published on: 11/16/2022 15:15:00 UTC
Last modified on: 11/16/2022 19:41:00 UTC
