25 matches found

RedhatCVE
added 2026/06/09 2:59 p.m., 9 views

CVE-2026-47430

Summary: The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation (CDVWKInAppBrowser.m:560–574). Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

9.5 CVSS, 5.4 AI score, 0.00545 EPSS
Exploits: 0, References: 1
Github Security Blog
added 2026/06/08 12:30 p.m., 10 views

Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews.

Summary: The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation (CDVWKInAppBrowser.m:560–574). Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

9.5 CVSS, 5.4 AI score, 0.00545 EPSS
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2026/06/08 12:30 p.m., 8 views

GHSA-Q42J-X8RQ-PJG6 Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews.

Summary: The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation (CDVWKInAppBrowser.m:560–574). Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

9.5 CVSS, 5.4 AI score, 0.00545 EPSS
Exploits: 0, References: 4
Cvelist
added 2026/06/08 10:22 a.m., 43 views

CVE-2026-47430 Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews

Summary: The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation (CDVWKInAppBrowser.m:560–574). Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

9.5 CVSS, 0.00545 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/06/08 10:22 a.m., 8 views

CVE-2026-47430 Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews

Summary: The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation (CDVWKInAppBrowser.m:560–574). Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

9.5 CVSS, 5.4 AI score, 0.00545 EPSS
Exploits: 0, References: 1
EUVD
added 2026/06/08 10:22 a.m., 9 views

EUVD-2026-35041

Summary: The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation (CDVWKInAppBrowser.m:560–574). Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

9.5 CVSS, 5.4 AI score, 0.00545 EPSS
Exploits: 0, References: 1
CVE
added 2026/06/08 10:22 a.m., 35 views

CVE-2026-47430

CVE-2026-47430 affects the iOS implementation of Cordova Plugin InAppBrowser. The issue arises when the WKScriptMessage id field is passed to commandDelegate sendPluginResult:callbackId: without format validation (CDVWKInAppBrowser.m:560–574), allowing web content loaded in the InAppBrowser to ...

9.5 CVSS, 5.4 AI score, 0.00545 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/06/08 12:0 a.m., 8 views

Apache Cordova Plugin InAppBrowser Input Validation Error Vulnerability

Apache Cordova Plugin InAppBrowser is an embedded browser plugin developed by the Apache Foundation. Versions 3.1.0 to 6.0.0 of Apache Cordova Plugin InAppBrowser contain a vulnerability related to input validation errors. This vulnerability stems from insufficient format validation of the id fie...

9.5 CVSS, 5.4 AI score, 0.00545 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/06/07 12:0 a.m., 15 views

PT-2026-47194

Name of the Vulnerable Software and Affected Versions: Cordova Plugin InAppBrowser versions 3.1.0 through 6.0.0. Description: The iOS implementation of the InAppBrowser plugin fails to validate the id field from a WKScriptMessage body before passing it to the commandDelegate...

9.5 CVSS, 5.5 AI score, 0.00545 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2025/05/22 10:3 a.m., 4 views

CVE-2019-0219

A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI...

9.8 CVSS, 7.2 AI score, 0.0783 EPSS
Exploits: 0, References: 1
CNVD
added 2022/04/22 12:0 a.m., 21 views

Apache Cordova Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in Apache Cordova InAppBrowser 3.0.0 and prior versions. An attacker could exploit the vulnerability to execute arbitrary JavaScript code in the main application web view with the help of a specially crafted gap-iab: URI...

9.8 CVSS, 4.9 AI score, 0.0783 EPSS
Exploits: 0, References: 1
Hacker One
added 2021/03/10 11:15 a.m., 15 views

Reddit: Third party app could steal access token as well as protected files using inAppBrowser

Summary: Reddit Android app version: 2021.8.0. OS: Android 11. This app uses com.reddit.frontpage.RedditDeepLinkActivity class to route app links including deeplink and reddit.com links while this class does not check for scheme, host and it opens given URL in InAppBrowser and IAB have access to...

0.3 AI score
Exploits: 0
vulnersOsv
added 2020/09/04 5:57 p.m., 3 views

@brettparkhurst/kinetic (>=2.0.0 <=2.0.17), appworks-js (>=16.0.0 <=16.0.1) +8 more potentially affected by CVE-2019-0219 via cordova-plugin-inappbrowser (>=1.7.2 <=3.0.0)

cordova-plugin-inappbrowser NPM version =1.7.2, =2.0.0, =16.0.0, =1.2.0, =0.0.1, =1.0.13, =0.3.2, =1.0.0, =1.2.4 Source cves: CVE-2019-0219 Source advisory: OSV:GHSA-C6PW-Q7F2-97HV...

9.8 CVSS, 7.2 AI score, 0.0783 EPSS
Exploits: 0
OSV
added 2020/09/04 5:57 p.m., 18 views

GHSA-C6PW-Q7F2-97HV Privilege Escalation in cordova-plugin-inappbrowser

Versions of cordova-plugin-inappbrowser prior to 3.1.0 are vulnerable to Privilege Escalation. A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. This affects Cordova Android...

9.8 CVSS, 9.2 AI score, 0.0783 EPSS
Exploits: 0, References: 9
Github Security Blog
added 2020/09/04 5:57 p.m., 101 views

Privilege Escalation in cordova-plugin-inappbrowser

Versions of cordova-plugin-inappbrowser prior to 3.1.0 are vulnerable to Privilege Escalation. A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. This affects Cordova Android...

9.8 CVSS, 6.2 AI score, 0.0783 EPSS
Exploits: 0, References: 9, Affected Software: 1
IBM Security Bulletins
added 2020/03/02 4:44 p.m., 27 views

Security Bulletin: IBM MobileFirst Platform Foundation susceptible to privilege escalation on Android

Summary: IBM MobileFirst Platform Foundation has addressed the following vulnerability. The affected version of the InAppBrowser plugin has been upgraded. Vulnerability Details: CVEID: CVE-2019-0219. DESCRIPTION: Apache Cordova could allow a remote attacker to gain elevated privileges on the system,...

9.8 CVSS, 1.4 AI score, 0.0783 EPSS
Exploits: 0, Affected Software: 1
Node.js
added 2020/01/30 8:43 p.m., 32 views

Privilege Escalation

Overview: Versions of cordova-plugin-inappbrowser prior to 3.1.0 are vulnerable to Privilege Escalation. A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. This affects Cordova Androi...

7.5 CVSS, 5.6 AI score, 0.0783 EPSS
Exploits: 0, Affected Software: 1
OSV
added 2020/01/14 3:15 p.m., 1 views

CVE-2019-0219

A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI...

9.8 CVSS, 6 AI score, 0.0783 EPSS
Exploits: 0, References: 6
NVD
added 2020/01/14 3:15 p.m., 23 views

CVE-2019-0219

A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI...

9.8 CVSS, 9.2 AI score, 0.0783 EPSS
Exploits: 0, References: 6
Cvelist
added 2020/01/14 2:18 p.m., 25 views

CVE-2019-0219

A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI...

9.3 AI score, 0.0783 EPSS
Exploits: 0, References: 6