Design/Logic Flaw

2014-03-0304:50:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.0%

JSON

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.

CPENameOperatorVersion
phonegaple2.9.0
phonegapeq2.0.0
phonegapeq2.0.0 rc1
phonegapeq2.1.0
phonegapeq2.2.0 rc1
phonegapeq2.2.0
phonegapeq2.2.0 rc2
phonegapeq2.3.0 rc2
phonegapeq2.3.0
phonegapeq2.3.0 rc1

Name	Operator	Version
phonegap	le	2.9.0
phonegap	eq	2.0.0
phonegap	eq	2.0.0 rc1
phonegap	eq	2.1.0
phonegap	eq	2.2.0 rc1
phonegap	eq	2.2.0
phonegap	eq	2.2.0 rc2
phonegap	eq	2.3.0 rc2
phonegap	eq	2.3.0
phonegap	eq	2.3.0 rc1