Notification from Google Play: webview is vulnerable to file-based cross-site scripting

Xoma · February 14, 2020, 2:44pm

Notification From Google Play

I recently got a notification from google play saying that:-

"We reviewed Xoma - Lite, with package name [com.xoma.pro]/com.xoma.pro/), and found that your app uses software that contains security vulnerabilities for users. Apps with these vulnerabilities can expose user information or damage a user’s device and may be considered to violate our Malicious Behavior policy.

Below is the list of issues and the corresponding APK versions that were detected in your recent submission. **Please migrate your apps to use the updated software as soon as possible and increment the version number of the upgraded APK."

//So how can I fix it and migrate my apps to use the updated software as soon as possible and increment the version number of the upgraded APK.
App link-https://play.google.com/store/apps/details?id=com.xoma.pro

here is a screenshot of it:-

My app’s deadline is May 13, 2020, before that, I need to fix it
Kodular experts and Prokodurs please help me!!

Yasir_Shakoor · February 14, 2020, 2:55pm

I think it’s the error with Kodular webview or they have to fix SSL Error.

Xoma · February 14, 2020, 2:56pm

that means I need to set webview view to ignore sql errors??

Yasir_Shakoor · February 14, 2020, 2:57pm

I’m not confirmed about that, wait for the official answer.

Xoma · February 14, 2020, 3:01pm

but no one is seeing my post

Xoma · February 14, 2020, 3:18pm

i want to raise my topic up

Peter · February 14, 2020, 3:47pm

Thats not allowed. What is the problem with being patient?

Xoma · February 14, 2020, 3:59pm

sorry, can you say what is wrong with the above message

Italo · February 14, 2020, 4:03pm

You are also contacting people by PM to answer your question. This is not a customer service.
People have lives, work, sleep, etc. BE PATIENT! Post your questions and let people get to it when they can!
Personally I don’t know anything about why Google doesn’t want your app. If I were you I would ask Google instead.
You started this post an hour ago and you want all of us leaving everything we have to do to fix your problem? That’s not how this works. Get used to it.

Xoma · February 14, 2020, 4:04pm

i am googled ALREDY

Taifun · February 14, 2020, 5:52pm

Unbenannt

what about providing the link to that Google Help Center article?

@Yasir_Shakoor is there a bug report for that or a link to another thread?

Taifun
PS: I edited the subject of your thread…

Yasir_Shakoor · February 15, 2020, 2:25am

I was Googling and i found something.

And the answer was this.

PS: have look on this:- Fixing a File-based XSS Vulnerability - Google Help @Xoma

Xoma · February 15, 2020, 5:06am

so now what should i do?

ShaikhSajidAli · February 15, 2020, 7:44am

Main question is which website you are showing in your app because ssl certificate is from website provider not from any browser,if its your then update SSL certificate.
If you are showing some html content from assets or via run html block then in webviever properties check ignore ssl.

Xoma · February 15, 2020, 1:28pm

its no my website

Xoma · February 15, 2020, 1:31pm

should i check to ignore ssl errors in next update?

Xoma · February 15, 2020, 1:32pm

Taifun should i check ignore ssl errors?

deanart2012 · February 15, 2020, 1:38pm

Please be patient, there’s no need to ask the same question twice in the space of a minute.

ShaikhSajidAli · February 15, 2020, 1:41pm

Yes check it ignore ssl error

Xoma · February 15, 2020, 1:42pm

what is ssl? can you say me briefly