CVE-2014-0073
First published: Mon Oct 30 2017(Updated: )
The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Cordova In-app-browser | <=0.3.1 | |
| Apache Cordova | >=2.6.0<=2.9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://d3adend.org/blog/?p=403
- http://seclists.org/fulldisclosure/2014/Mar/30
- http://www.securityfocus.com/archive/1/531334/100/0/threaded
- http://www.securityfocus.com/bid/65959
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91560
- https://github.com/apache/cordova-plugin-inappbrowser/commit/26702cb0720c5c394b407c23570136c53171fa55
- https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXLGJag5Q9ATUCbFtkWvMWX9XnC80kKp-HKi25gPcvV4gw@mail.gmail.com%3E
- https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXLGJag5Q9ATUCbFtkWvMWX9XnC80kKp-HKi25gPcvV4gw%40mail.gmail.com%3E
- collector/nvd-index
- agent/type
- agent/event
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/apache
- canonical/apache cordova in-app-browser
- version/apache cordova in-app-browser/0.3.1
- canonical/apache cordova
- version/apache cordova/2.6.0
- version/apache cordova/2.9.0