CVE-2020-37087

2026-02-03 [email protected]

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
PoC Detected
Feb 04, 2026 - 16:33 vuln.today
Public exploit code
CVE Published
Feb 03, 2026 - 23:16 nvd
N/A

Tags

XSS

Description

Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input validation via POST requests to execute arbitrary JavaScript in the context of the mobile web application.

Analysis

Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions.

Technical Context

Classified as CWE-79 (Cross-site Scripting (XSS)). Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input validation via POST requests to execute arbitrary JavaScript in the context of the mobile web application.

Affected Products

Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scr

Remediation

Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers.

Priority Score

20
Low Medium High Critical
KEV: 0
EPSS: +0.2
CVSS: +0
POC: +20

Share

CVE-2020-37087 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy