Vulnerability Details : CVE-2014-0073
The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.
Products affected by CVE-2014-0073
Exploit prediction scoring system (EPSS) score for CVE-2014-0073
0.64%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 77 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-0073
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2014-0073
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0073
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/91560
Apache Cordova In-App-Browser privilege escalation CVE-2014-0073 Vulnerability ReportIssue Tracking;Third Party Advisory;VDB Entry
-
http://d3adend.org/blog/?p=403
dead && endIssue Tracking;Third Party Advisory
-
http://seclists.org/fulldisclosure/2014/Mar/30
Full Disclosure: [CVE-2014-0073] Apache Cordova In-App-Browser privilege escalationMailing List;Third Party Advisory
-
https://github.com/apache/cordova-plugin-inappbrowser/commit/26702cb0720c5c394b407c23570136c53171fa55
Validate that callbackId is correctly formed · apache/cordova-plugin-inappbrowser@26702cb · GitHubIssue Tracking;Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/65959
Apache Cordova InAppBrowser Remote Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/archive/1/531334/100/0/threaded
SecurityFocus
-
https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXLGJag5Q9ATUCbFtkWvMWX9XnC80kKp-HKi25gPcvV4gw@mail.gmail.com%3E
[CVE-2014-0073] Apache Cordova In-App-Browser privilege escalationIssue Tracking;Vendor Advisory
Jump to