15 matches found
CVE-2019-0219
A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI...
Apache Cordova Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Apache Cordova InAppBrowser 3.0.0 and prior versions. An attacker could exploit the vulnerability to execute arbitrary JavaScript code in the main application web view with the help of a specially crafted gap-iab: URI...
Reddit: Third party app could steal access token as well as protected files using inAppBrowser
Summary: Reddit Android app version: 2021.8.0. OS: Android 11. This app uses the com.reddit.frontpage.RedditDeepLinkActivity class to route app links, including deeplink and reddit.com links, while this class does not check for scheme, host and it opens given url in InAppBrowser and IAB have access to...
Privilege Escalation in cordova-plugin-inappbrowser
Versions of cordova-plugin-inappbrowser prior to 3.1.0 are vulnerable to Privilege Escalation. A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. This affects Cordova Android...
GHSA-C6PW-Q7F2-97HV Privilege Escalation in cordova-plugin-inappbrowser
Versions of cordova-plugin-inappbrowser prior to 3.1.0 are vulnerable to Privilege Escalation. A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. This affects Cordova Android...
@brettparkhurst/kinetic (>=2.0.0 <=2.0.17), appworks-js (>=16.0.0 <=16.0.1) +8 more potentially affected by CVE-2019-0219 via cordova-plugin-inappbrowser (>=1.7.2 <=3.0.0)
cordova-plugin-inappbrowser NPM version =1.7.2, =2.0.0, =16.0.0, =1.2.0, =0.0.1, =1.0.13, =0.3.2, =1.0.0, =1.2.4 Source cves: CVE-2019-0219 Source advisory: OSV:GHSA-C6PW-Q7F2-97HV...
Security Bulletin: IBM MobileFirst Platform Foundation susceptible to privilege escalation on Android
Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability. The affected version of the InAppBrowser plugin has been upgraded. Vulnerability Details CVEID: CVE-2019-0219 DESCRIPTION: Apache Cordova could allow a remote attacker to gain elevated privileges on the system,...
Privilege Escalation
Overview Versions of cordova-plugin-inappbrowser prior to 3.1.0 are vulnerable to Privilege Escalation. A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. This affects Cordova Androi...
CVE-2019-0219
A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI...
CVE-2019-0219
A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI...
CVE-2019-0219
CVE-2019-0219 affects Cordova InAppBrowser plugin in Cordova Android apps prior to version 3.1.0. A website running in the InAppBrowser webview can exploit a specially crafted gap-iab: URI to execute arbitrary JavaScript in the host app’s main webview, enabling potential privilege escalation. Doc...
EUVD-2020-0969
A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI...
CVE-2019-0219
A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI...
Apache cordova-plugin-inappbrowser CVE-2019-0219 Privilege Escalation Vulnerability
Description Apache cordova-plugin-inappbrowser is prone to a privilege-escalation vulnerability. Remote attackers can exploit this issue to gain elevated privileges or execute arbitrary code in the context of the affected application. Versions prior to Apache cordova-plugin-inappbrowser 3.1.0 are...
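Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
BUGTRAQ ID: 65959 CVECAN ID: CVE-2014-0073 Cordova InAppBrowser is the web browser displayed inside the app when you call window.open. The Cordova InAppBrowser iOS plugin in Cordova versions 2.6.0-2.9.0 and the standalone Cordova InAppBrowser iOS plugin versions 0.1.0-0.3.1 contain a remote privilege escalation vulnerability in their implementation; a remote attacker can exploit it to escalate privileges and perform unauthorized operations. 0 Apache Group Cordova 2.6.0 - 2.9.0 Vendor patch: Apache Group ------------...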