Vulnerability Details CVE-2014-0073
The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.114
EPSS Ranking 93.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://d3adend.org/blog/?p=403
- http://seclists.org/fulldisclosure/2014/Mar/30
- http://www.securityfocus.com/archive/1/531334/100/0/threaded
- http://www.securityfocus.com/bid/65959
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91560
- https://github.com/apache/cordova-plugin-inappbrowser/commit/26702cb0720c5c394b407c23570136c53171fa55
- https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXLGJag5Q9ATUCbFtkWvMWX9XnC80kKp-HKi25gPcvV4gw%40mail.gmail.com%3E
- http://d3adend.org/blog/?p=403
- http://seclists.org/fulldisclosure/2014/Mar/30
- http://www.securityfocus.com/archive/1/531334/100/0/threaded
- http://www.securityfocus.com/bid/65959
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91560
- https://github.com/apache/cordova-plugin-inappbrowser/commit/26702cb0720c5c394b407c23570136c53171fa55
- https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXLGJag5Q9ATUCbFtkWvMWX9XnC80kKp-HKi25gPcvV4gw%40mail.gmail.com%3E
Products affected by CVE-2014-0073
-
cpe:2.3:a:apache:cordova:2.6.0
-
cpe:2.3:a:apache:cordova:2.7.0
-
cpe:2.3:a:apache:cordova:2.8.0
-
cpe:2.3:a:apache:cordova:2.9.0
-
cpe:2.3:a:apache:cordova_in-app-browser:0.3.1