CVE-2014-0073
 
- Public Exploits: 0
- Exploited in Wild: -
- Decision: -
Descriptions
The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-12-03 CVE Reserved
- 2014-03-04 CVE Published
- 2024-08-06 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
http://d3adend.org/blog/?p=403 | Issue Tracking | |
http://seclists.org/fulldisclosure/2014/Mar/30 | Mailing List | |
http://www.securityfocus.com/archive/1/531334/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/65959 | Third Party Advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/91560 | Issue Tracking | |
https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXLGJag5Q9ATUCbFtkWvMWX9XnC80kKp-HKi25gPcvV4gw%40mail.gmail.com%3E | Mailing List | |

URL | Date | SRC |
---|---|---|
https://github.com/apache/cordova-plugin-inappbrowser/commit/26702cb0720c5c394b407c23570136c53171fa55 | 2023-11-07 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apache | Cordova In-app-browser | <= 0.3.1 | iphone_os | Affected |
Apache | Cordova | >= 2.6.0 <= 2.9.0 | iphone_os | Affected |