3 matches found
EUVD-2026-35041
Summary The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation CDVWKInAppBrowser.m:560–574. Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...
massif code execution vulnerability
massif is a WebKit script written in JavaScript. A security vulnerability exists in massif, which originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the response and replacing the requeste...
massif code execution vulnerability (CNVD-2018-15161)
massif is a WebKit script written in JavaScript. A security vulnerability exists in massif, which originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the response and replacing the requeste...