Lucene search
K
ApacheCordova

18 matches found

CVE
CVE
added 2021/02/16 5:0 p.m.1222 views

CVE-2021-21315

CVE-2021-21315 affects the npm package System Information (systeminformation) prior to version 5.3.1. The vulnerability is a command injection in functions that process service/latency queries (e.g., si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad()) which can be exploited via...

7.8CVSS7.5AI score0.9024EPSS
In wild
CVE
CVE
added 2015/11/23 11:0 a.m.79 views

CVE-2015-8320

CVE-2015-8320 affects Apache Cordova Android before 3.7.0, where BridgeSecret data were generated with weak randomness. This lax randomness enables attackers to predict the BridgeSecret value and perform bridge hijacking attacks. The vulnerability is listed with a CVSS v2 base score of 5.0 (Mediu...

5CVSS9.1AI score0.04435EPSS
CVE
CVE
added 2018/02/01 9:0 p.m.78 views

CVE-2017-3160

CVE-2017-3160 affects Apache Cordova for Android, where on first add/build the Gradle tool is downloaded via an HTTP (not HTTPS) URI by default. This enables a man-in-the-middle (MiTM) attack that can tamper with the Gradle distribution, since the downloaded Gradle executable is immediately execu...

7.4CVSS7.2AI score0.03825EPSS
CVE
CVE
added 2014/11/15 9:0 p.m.74 views

CVE-2014-3501

Apache Cordova for Android prior to 3.5.1 is vulnerable (CVE-2014-3501) to bypass the HTTP allowlist via WebView by using JavaScript to open non-http channels, enabling a remote attacker to reach arbitrary servers. The issue stems from improper use of an allowlist when WebView handles non-http co...

4.3CVSS6.8AI score0.03715EPSS
CVE
CVE
added 2014/11/15 9:0 p.m.70 views

CVE-2014-3500

Apache Cordova for Android (pre-3.5.1) is vulnerable to Cross-Application Scripting via crafted Android intents that can change the start page, enabling an attacker to execute script in the victim’s browser and potentially steal cookie-based credentials. The issue stems from insufficient input va...

6.4CVSS6.5AI score0.04062EPSS
CVE
CVE
added 2017/10/27 7:0 p.m.68 views

CVE-2015-1835

CVE-2015-1835 affects Apache Cordova on Android: Cordova Android builds before 3.7.2 and 4.x before 4.0.2 allow remote modification of undefined secondary configuration variables (preferences) when config.xml lacks explicit values, via a crafted URL/Intent. Impact stated as potential modification...

5.3CVSS4.9AI score0.05911EPSS
CVE
CVE
added 2016/05/09 8:0 p.m.62 views

CVE-2015-5208

Apache Cordova iOS prior to 4.0.0 contains a vulnerability that allows arbitrary plugin execution when a user accesses a specially crafted link. The issue affects Cordova iOS up to version 3.x and is remedied by upgrading Cordova to 4.0.0 or later and rebuilding the iOS application.

4.4CVSS5.1AI score0.04623EPSS
CVE
CVE
added 2015/11/23 11:0 a.m.62 views

CVE-2015-5256

Summary of CVE-2015-5256 : Apache Cordova-Android before 4.1.0 contains a flaw in the remote server relyance whitelisting mechanism that allows an attacker to bypass intended access restrictions by crafting a URI. This can enable execution of non-whitelisted JavaScript. Concrete details from conn...

4.3CVSS6.6AI score0.04216EPSS
CVE
CVE
added 2014/11/15 9:0 p.m.59 views

CVE-2014-3502

CVE-2014-3502 affects Apache Cordova on Android prior to 3.5.1. The weakness allows remote attackers to open and send data to arbitrary applications by exploiting a crafted Android intent URI scheme, enabling information exposure via manipulated HTML content within a Cordova app. The CVSS base sc...

4.3CVSS6.6AI score0.04964EPSS
CVE
CVE
added 2014/03/03 2:0 a.m.56 views

CVE-2014-1881

CVE-2014-1881 affects Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier. The vulnerability arises in an event-based bridge technique where a crafted library clone can trigger IFRAME script execution and waits for an OnJsPrompt handler return value to bypass intended device-res...

7.5CVSS6.9AI score0.11208EPSS
CVE
CVE
added 2017/05/09 3:0 p.m.56 views

CVE-2016-6799

CVE-2016-6799 affects Apache Cordova Android 5.2.2 and earlier. The vulnerability arises from logging via the Log class, which stores messages in circular buffers on the device; on Android versions prior to 4.1, logs are not sandboxed per-app, allowing any installed app to read another app’s log ...

7.5CVSS7.1AI score0.02582EPSS
CVE
CVE
added 2017/10/30 7:0 p.m.55 views

CVE-2014-0073

The CVE-2014-0073 issue affects Apache Cordova In-App-Browser for iOS: the In-App-Browser plugin (Cordova 2.6.0–2.9.0) and the standalone iOS plugin (org.apache.cordova.inappbrowser, 0.1.0–0.3.1) fail to properly validate callback identifiers, enabling remote attackers to execute arbitrary JavaSc...

9.8CVSS9.2AI score0.08128EPSS
CVE
CVE
added 2014/03/03 2:0 a.m.52 views

CVE-2014-1884

CVE-2014-1884 affects Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7/8. The root cause is improper restriction of navigation events, which lets remote attackers bypass device-resource restrictions when content is accessed (1) inside an iframe or (2) via t...

7.5CVSS6.8AI score0.08196EPSS
CVE
CVE
added 2017/10/30 7:0 p.m.51 views

CVE-2014-0072

CVE-2014-0072 affects the Apache Cordova File-Transfer stack on iOS. The File-Transfer plugin for iOS (Cordova 2.4.0–2.9.0) and the standalone File-Transfer plugin (org.apache.cordova.file-transfer) prior to 0.4.2 default the trustAllHosts option to true, allowing remote attackers to spoof SSL se...

7.5CVSS7.2AI score0.07725EPSS
CVE
CVE
added 2020/12/01 4:46 p.m.51 views

CVE-2020-11990

CVE-2020-11990 affects the Apache Cordova Plugin camera on Android. Vulnerability: when the plugin caches taken images to external storage, any app with READ_EXTERNAL_STORAGE/WRITE_EXTERNAL_STORAGE can access those cached image files, exposing user photos. Root cause: the external storage caching...

3.3CVSS3.9AI score0.00732EPSS
CVE
CVE
added 2014/03/03 2:0 a.m.48 views

CVE-2012-6637

Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier are affected by a flaw in the domain-name whitelist check: the end of domain-name regular expressions is not anchored, allowing a domain that contains an acceptable name as an initial substring to bypass the whitelist. This is a code/...

7.5CVSS6.8AI score0.09982EPSS
CVE
CVE
added 2014/03/03 2:0 a.m.46 views

CVE-2014-1882

Affected software: Apache Cordova 3.3.0 and earlier; Adobe PhoneGap 2.9.0 and earlier. Root cause: An event-based bridge can be bypassed via a crafted library clone that uses IFRAME script execution to directly access bridge JavaScript objects, demonstrated by cordova.require calls. Impact: Remot...

7.5CVSS6.8AI score0.11683EPSS
CVE
CVE
added 2016/05/09 8:0 p.m.43 views

CVE-2015-5207

Cordova iOS prior to 4.0.0 has a vulnerability where the whitelist restriction is not properly applied, potentially allowing an attacker to load resources by bypassing URL access rules. The issue affects iOS applications built with Cordova and is documented in multiple sources (e.g., JVN-2016-000...

7.5CVSS5.1AI score0.02879EPSS