3 matches found
GHSA-Q42J-X8RQ-PJG6 Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews.
Summary The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation CDVWKInAppBrowser.m:560–574. Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...
CVE-2026-47430
CVE-2026-47430 affects the iOS implementation of Cordova Plugin InAppBrowser. The issue arises when the WKScriptMessage id field is passed to commandDelegate sendPluginResult:callbackId: without format validation (CDVWKInAppBrowser.m:560–574), allowing a web content loaded in the InAppBrowser to ...
PT-2026-47194
Name of the Vulnerable Software and Affected Versions Cordova Plugin InAppBrowser versions 3.1.0 through 6.0.0 Description The iOS implementation of the InAppBrowser plugin fails to validate the id field from a WKScriptMessage body before passing it to the commandDelegate...