7 matches found

EUVD
added 2026/06/08 10:22 a.m., 10 views

EUVD-2026-35041

Summary: The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation (CDVWKInAppBrowser.m:560–574). Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

CVSS 9.5, AI score 5.4, EPSS 0.00723
Exploits: 0, References: 1
Vulnrichment
added 2026/06/08 10:22 a.m., 8 views

CVE-2026-47430 Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews

Summary: The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation (CDVWKInAppBrowser.m:560–574). Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

CVSS 9.5, AI score 5.4, EPSS 0.00723
Exploits: 0, References: 1
Cvelist
added 2026/06/08 10:22 a.m., 50 views

CVE-2026-47430 Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews

Summary: The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation (CDVWKInAppBrowser.m:560–574). Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

CVSS 9.5, EPSS 0.00723
Exploits: 0, References: 1
CNNVD
added 2026/06/08 12:0 a.m., 11 views

Apache Cordova Plugin InAppBrowser input validation error vulnerability

Apache Cordova Plugin InAppBrowser is an embedded browser plugin developed by the Apache Foundation. Versions 3.1.0 to 6.0.0 of Apache Cordova Plugin InAppBrowser contain a vulnerability related to input validation errors. This vulnerability stems from insufficient format validation of the id fie...

CVSS 9.5, AI score 5.4, EPSS 0.00723
Exploits: 0, References: 2
Positive Technologies
added 2026/06/07 12:0 a.m., 19 views

PT-2026-47194

Name of the Vulnerable Software and Affected Versions: Cordova Plugin InAppBrowser versions 3.1.0 through 6.0.0. Description: The iOS implementation of the InAppBrowser plugin fails to validate the id field from a WKScriptMessage body before passing it to the commandDelegate...

CVSS 9.5, AI score 5.5, EPSS 0.00723
Exploits: 0, References: 8
vulnersOsv
added 2020/09/04 5:57 p.m., 5 views

@brettparkhurst/kinetic (>=2.0.0 <=2.0.17), appworks-js (>=16.0.0 <=16.0.1) +8 more potentially affected by CVE-2019-0219 via cordova-plugin-inappbrowser (>=1.7.2 <=3.0.0)

cordova-plugin-inappbrowser NPM version =1.7.2, =2.0.0, =16.0.0, =1.2.0, =0.0.1, =1.0.13, =0.3.2, =1.0.0, =1.2.4 Source cves: CVE-2019-0219 Source advisory: OSV:GHSA-C6PW-Q7F2-97HV...

CVSS 9.8, AI score 7.2, EPSS 0.0783
Exploits: 0
BDU FSTEC
added 2018/02/01 12:0 a.m., 8 views

The vulnerability of the CDVInAppBrowser class in Cordova In-App-Browser extensions allows a hacker to elevate their privileges and execute arbitrary JavaScript code.

The vulnerability of the CDVInAppBrowser extension in Cordova In-App-Browsers is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code and enhance their privileges through specially crafted URIs...

CVSS 9.8, AI score 5.9, EPSS 0.08128
Exploits: 1, References: 9, Affected Software: 2