search

Kunzisoft / KeePassDX

Lightweight vault and password manager for Android, KeePassDX allows editing encrypted data in a single file in KeePass format and fill in the forms in a secure way.
https://www.keepassdx.com/
GNU General Public License v3.0
4.55k stars 269 forks source link

[question] WebView #1771

Closed m413w4r3 closed 7 months ago

m413w4r3 commented 7 months ago

In the ImmuniWeb report available at this URL, a security flaw has been identified that I find challenging to comprehend:

The flaw is labelled as JS CORS ENABLED IN WEBVIEW with a severity rating of M10 and associated with CWE-749. Hence, my inquiry revolves around two points:

Does KeePassDX utilize WebView? Is this flaw triggered specifically when interacting with a link field within the application ?

m413w4r3 commented 7 months ago

Indeed, I couldn't find usage of WebView in the app. So I will close the issue (false positive)