CVE-2020-20093

MEDIUM

Facebook Messenger <227.0-228.1.0.10.116 - CSRF

Title source: llm

Description

The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.

Exploits (1)

nomisec WORKING POC 89 stars

by zadewg · poc

https://github.com/zadewg/RIUS

View Code ZIP pw:eip

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/zadewg/RIUS

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/166448/RTLO-Injection-URI-Spoofing.html

Scores

CVSS v3 6.5

EPSS 0.0355

EPSS Percentile 87.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

Status published

Products (2)

facebook/messenger < 227.0

facebook/messenger < 228.1.0.10.116

Published Mar 23, 2022

Tracked Since Feb 18, 2026