CVE-2020-16873

medium Microsoft
CVSS v3 Base Score
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
EPSS Score
1.2%
Exploitation probability in 30 days
Top 21% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
Low
Integrity
None
Availability
None
Published: September 11, 2020 (2071 days ago)
Last Modified: February 23, 2026
Vendor: Microsoft

Description

<p>A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. This vulnerability could allow an attacker to execute arbitrary Javascript code on a target system.</p> <p>For the attack to be successful, the targeted user would need to browse to a malicious website or a website serving the malicious code through Xamarin.Forms.</p> <p>The security update addresses this vulnerability by preventing the malicious Javascript from running in the WebView.</p>

CWE

CWE-1188

Affected Products

microsoft xamarin.forms

References

🔗 portal.msrc.microsoft.com 🔗 portal.msrc.microsoft.com