Description
CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them.
Remediation
References
https://fluidattacks.com/advisories/maiden/
https://github.com/CleverTap/clevertap-cordova
https://github.com/CleverTap/clevertap-cordova/releases/tag/2.7.0
Related Vulnerabilities
CVE-2021-43803 Vulnerability in npm package next
CVE-2010-1587 Vulnerability in maven package org.apache.activemq:apache-activemq
CVE-2023-4853 Vulnerability in maven package io.quarkus:quarkus-undertow
CVE-2022-0722 Vulnerability in maven package org.webjars.npm:parse-url
CVE-2023-42794 Vulnerability in maven package org.apache.tomcat:tomcat-catalina