2 matches found
Improper Validation of Specified Type of Input
Overview cordova-plugin-inappbrowser is a Cordova InAppBrowser Plugin. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the id field in messages sent from web content to the host application. An attacker can trigger arbitrary Cordova plugin...
EUVD-2026-35041
Summary The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation CDVWKInAppBrowser.m:560–574. Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...