Description
CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them.
Remediation
References
https://fluidattacks.com/advisories/maiden/
https://github.com/CleverTap/clevertap-cordova
Related Vulnerabilities
CVE-2023-25765 Vulnerability in maven package org.jenkins-ci.plugins:email-ext
CVE-2021-41151 Vulnerability in npm package @backstage/plugin-scaffolder-backend
CVE-2017-17068 Vulnerability in npm package auth0-js
CVE-2020-13445 Vulnerability in maven package com.liferay:com.liferay.portal.template.freemarker