Description

The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.

Remediation

References

http://d3adend.org/blog/?p=403

http://seclists.org/fulldisclosure/2014/Mar/30

http://www.securityfocus.com/archive/1/531334/100/0/threaded

http://www.securityfocus.com/bid/65959

https://exchange.xforce.ibmcloud.com/vulnerabilities/91560

https://github.com/apache/cordova-plugin-inappbrowser/commit/26702cb0720c5c394b407c23570136c53171fa55

https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXLGJag5Q9ATUCbFtkWvMWX9XnC80kKp-HKi25gPcvV4gw%40mail.gmail.com%3E

Related Vulnerabilities

CVE-2022-35915 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts-upgradeable

CVE-2021-26291 Vulnerability in maven package org.apache.maven:apache-maven

CVE-2023-45133 Vulnerability in maven package org.webjars.npm:babel__traverse

CVE-2020-28439 Vulnerability in npm package corenlp-js-prefab

CVE-2022-41915 Vulnerability in maven package io.netty:netty-codec

Severity

Critical

Classification

CWE-264 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Issue Tracking Third Party Advisory Mailing List VDB Entry Patch Vendor Advisory