Description

Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL.

Remediation

References

http://cordova.apache.org/announcements/2014/08/04/android-351.html

http://www.securityfocus.com/bid/69038

Related Vulnerabilities

CVE-2015-1835 Vulnerability in npm package cordova-android

CVE-2020-13942 Vulnerability in maven package org.apache.unomi:unomi-persistence-elasticsearch-core

CVE-2021-21627 Vulnerability in maven package org.jenkins-ci.plugins:libvirt-slave

CVE-2023-41900 Vulnerability in maven package org.eclipse.jetty:jetty-openid

CVE-2022-41934 Vulnerability in maven package org.xwiki.platform:xwiki-platform-menu-ui

Severity

Critical

Classification

CWE-17

Tags

Vendor Advisory