The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2017-10-30T19:00:00
Updated: 2024-08-06T09:05:37.064Z
Reserved: 2013-12-03T00:00:00
Link: CVE-2014-0073
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-10-30T19:29:00.373
Modified: 2024-11-21T02:01:18.110
Link: CVE-2014-0073
Redhat
No data.