Description

The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.

Remediation

References

http://d3adend.org/blog/?p=403

http://seclists.org/fulldisclosure/2014/Mar/30

http://www.securityfocus.com/archive/1/531334/100/0/threaded

http://www.securityfocus.com/bid/65959

https://exchange.xforce.ibmcloud.com/vulnerabilities/91560

https://github.com/apache/cordova-plugin-inappbrowser/commit/26702cb0720c5c394b407c23570136c53171fa55

https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXLGJag5Q9ATUCbFtkWvMWX9XnC80kKp-HKi25gPcvV4gw%40mail.gmail.com%3E

Related Vulnerabilities

CVE-2013-6465 Vulnerability in maven package org.jbpm:jbpm-console-ng-human-tasks-client

CVE-2020-7689 Vulnerability in npm package bcrypt

CVE-2022-26112 Vulnerability in maven package org.apache.pinot:pinot-spi

CVE-2022-35142 Vulnerability in npm package raneto

CVE-2019-10428 Vulnerability in maven package org.jenkins-ci.plugins:aqua-security-scanner

Severity

Critical

Classification

CWE-264 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Issue Tracking Third Party Advisory Mailing List VDB Entry Patch Vendor Advisory