Notification from Google Play: webview is vulnerable to file-based cross-site scripting

Notification From Google Play

I recently got a notification from google play saying that:-

"We reviewed Xoma - Lite, with package name [com.xoma.pro]/com.xoma.pro/), and found that your app uses software that contains security vulnerabilities for users. Apps with these vulnerabilities can expose user information or damage a user’s device and may be considered to violate our Malicious Behavior policy.

Below is the list of issues and the corresponding APK versions that were detected in your recent submission. **Please migrate your apps to use the updated software as soon as possible and increment the version number of the upgraded APK."

//So how can I fix it and migrate my apps to use the updated software as soon as possible and increment the version number of the upgraded APK.
App link-https://play.google.com/store/apps/details?id=com.xoma.pro

here is a screenshot of it:-

My app’s deadline is May 13, 2020, before that, I need to fix it
Kodular experts and Prokodurs please help me!! :sob: :tired_face: :tired_face: :weary:

1 Like

I think it’s the error with Kodular webview or they have to fix SSL Error.

1 Like

that means I need to set webview view to ignore sql errors??

1 Like

I’m not confirmed about that, wait for the official answer.

2 Likes

but no one is seeing my post

1 Like

i want to raise my topic up

2 Likes

Thats not allowed. What is the problem with being patient?

2 Likes

sorry, can you say what is wrong with the above message

1 Like

You are also contacting people by PM to answer your question. This is not a customer service.
People have lives, work, sleep, etc. BE PATIENT! Post your questions and let people get to it when they can!
Personally I don’t know anything about why Google doesn’t want your app. If I were you I would ask Google instead.
You started this post an hour ago and you want all of us leaving everything we have to do to fix your problem? That’s not how this works. Get used to it.

3 Likes

i am googled ALREDY

1 Like

Unbenannt

what about providing the link to that Google Help Center article?

@Yasir_Shakoor is there a bug report for that or a link to another thread?

Taifun
PS: I edited the subject of your thread…

I was Googling and i found something.

And the answer was this.

PS: have look on this:- Fixing a File-based XSS Vulnerability - Google Help @bgpsdr

1 Like

so now what should i do?

1 Like

Main question is which website you are showing in your app because ssl certificate is from website provider not from any browser,if its your then update SSL certificate.
If you are showing some html content from assets or via run html block then in webviever properties check ignore ssl.

1 Like

its no my website

1 Like

should i check to ignore ssl errors in next update?

1 Like

Taifun should i check ignore ssl errors?

1 Like

Please be patient, there’s no need to ask the same question twice in the space of a minute.

2 Likes

Yes check it ignore ssl error

1 Like

what is ssl? can you say me briefly

1 Like