Description

The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.

Remediation

References

http://d3adend.org/blog/?p=403

http://seclists.org/fulldisclosure/2014/Mar/30

http://www.securityfocus.com/archive/1/531334/100/0/threaded

http://www.securityfocus.com/bid/65959

https://exchange.xforce.ibmcloud.com/vulnerabilities/91560

https://github.com/apache/cordova-plugin-inappbrowser/commit/26702cb0720c5c394b407c23570136c53171fa55

https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXLGJag5Q9ATUCbFtkWvMWX9XnC80kKp-HKi25gPcvV4gw%40mail.gmail.com%3E

Related Vulnerabilities

CVE-2022-35980 Vulnerability in maven package org.opensearch.plugin:opensearch-security

CVE-2020-17527 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2023-22665 Vulnerability in maven package org.apache.jena:jena-arq

CVE-2023-22465 Vulnerability in maven package org.http4s:http4s-core_2.12

CVE-2017-11556 Vulnerability in maven package org.webjars.npm:node-sass

Severity

Critical

Classification

CWE-264 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Issue Tracking Third Party Advisory Mailing List VDB Entry Patch Vendor Advisory