Back to search
CVE-2020-37087
Published: Feb 3, 2026
Modified: Feb 4, 2026
PUBLISHED
Description
Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input validation via POST requests to execute arbitrary JavaScript in the context of the mobile web application.
| Vendor | Product | Versions |
|---|---|---|
Rubikon Teknoloji | Easy Transfer | affected 1.7 |
Weaknesses (CWE)
References
ExploitDB-48395
exploit
technical-description
Vulnerability-Lab Advisory
technical-description
exploit
VulnCheck Advisory: Easy Transfer 1.7 for iOS - Persistent Cross-Site Scripting
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now