Description
CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them.
Remediation
References
https://fluidattacks.com/advisories/maiden/
https://github.com/CleverTap/clevertap-cordova
Related Vulnerabilities
CVE-2021-21290 Vulnerability in maven package io.netty:netty-common
CVE-2018-12432 Vulnerability in maven package net.bull.javamelody:javamelody-core
CVE-2016-10735 Vulnerability in maven package org.ow2.jonas:bootstrap
CVE-2022-2079 Vulnerability in npm package nocodb
CVE-2020-10719 Vulnerability in maven package io.undertow:undertow-core