27 matches found
CVE-2019-0219
A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI...
EUVD-2020-0969
A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI...
CVE-2019-0219
A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI...
CVE-2019-0219
CVE-2019-0219 affects Cordova InAppBrowser plugin in Cordova Android apps prior to version 3.1.0. A website running in the InAppBrowser webview can exploit a specially crafted gap-iab: URI to execute arbitrary JavaScript in the host app’s main webview, enabling potential privilege escalation. Doc...
Apache cordova-plugin-inappbrowser CVE-2019-0219 Privilege Escalation Vulnerability
Description Apache cordova-plugin-inappbrowser is prone to a privilege-escalation vulnerability. Remote attackers can exploit this issue to gain elevated privileges or execute arbitrary code in the context of the affected application. Versions prior to Apache cordova-plugin-inappbrowser 3.1.0 are...
The vulnerability of the CDVInAppBrowser class in Cordova In-App-Browser extensions allows a hacker to elevate their privileges and execute arbitrary JavaScript code.
The vulnerability of the CDVInAppBrowser extension in Cordova In-App-Browsers is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code and enhance their privileges through specially crafted URIs...
Apache Cordova InAppBrowser远程权限提升漏洞
BUGTRAQ ID: 65959 CVECAN ID: CVE-2014-0073 Cordova InAppBrowser是在您使用window.open呼叫时应用内显示的Web浏览器。 Cordova 2.6.0-2.9.0版本内的Cordova InAppBrowser iOS插件、Cordova InAppBrowser iOS单机版插件0.1.0-0.3.1版本在实现上存在远程权限提升漏洞,远程攻击者可利用该漏洞提升权限,执行未授权操作。 0 Apache Group Cordova 2.6.0 - 2.9.0 厂商补丁: Apache Group ------------...