Description

The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.

Remediation

References

http://d3adend.org/blog/?p=403

http://seclists.org/fulldisclosure/2014/Mar/30

http://www.securityfocus.com/archive/1/531334/100/0/threaded

http://www.securityfocus.com/bid/65959

https://exchange.xforce.ibmcloud.com/vulnerabilities/91560

https://github.com/apache/cordova-plugin-inappbrowser/commit/26702cb0720c5c394b407c23570136c53171fa55

https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXLGJag5Q9ATUCbFtkWvMWX9XnC80kKp-HKi25gPcvV4gw%40mail.gmail.com%3E

Related Vulnerabilities

CVE-2019-1003055 Vulnerability in maven package org.jvnet.hudson.plugins:ftppublisher

CVE-2013-4271 Vulnerability in maven package org.restlet:org.restlet

CVE-2020-6537 Vulnerability in maven package org.webjars.npm:electron

CVE-2022-47105 Vulnerability in maven package org.jeecgframework.boot:jeecg-module-system

CVE-2022-41376 Vulnerability in npm package metro4

Severity

Critical

Classification

CWE-264 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Issue Tracking Third Party Advisory Mailing List VDB Entry Patch Vendor Advisory