CVE-2014-0073 in Cordova In-App-Browser Standalone Plugininformazioni

Riassunto

di MITRE

The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

03/12/2013

Divulgazione

30/10/2017

Moderazione

accettato

Voce

VDB-108789

CPE

pronto

CWE

CWE-264 (confermato)

CVSS

9.8 (NVD)

EPSS

0.08128

KEV

Attività

molto basso

Settore

Homeoffice

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-0073
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-0073
CVE Details	https://www.cvedetails.com/cve/CVE-2014-0073/

◂ Precedente Visione D'ensemble Il prossimo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!