Full title: Framer Preview 12 Content Injection Vulnerability 
Category: local exploits
Platform: Android
Framer Preview version 12 for Android exposes an activity to other apps called "com.framer.viewer.FramerViewActivity". The purpose of this activity is to show contents of a given URL via an fullscreen overlay to the app user. However, the app does neither enforce any authorization schema on the activity nor does it validate the given URL.

# 0day.today @ http://0day.today/