A cross-site scripting vulnerability exists in Apache Cordova InAppBrowser 3.0.0 and prior versions. An attacker could exploit the vulnerability to execute arbitrary JavaScript code in the main application web view with the help of a specially crafted gap-iab:URI.
CPE | Name | Operator | Version |
---|---|---|---|
apache cordova inappbrowser | le | 3.0.0 |