VYPR
Critical severity9.8NVD Advisory· Published Oct 30, 2017· Updated Jun 17, 2026

CVE-2014-0073

CVE-2014-0073

Description

The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:a:apache:cordova_in-app-browser:*:*:*:*:*:iphone_os:*:*+ 1 more
    • cpe:2.3:a:apache:cordova_in-app-browser:*:*:*:*:*:iphone_os:*:*range: <=0.3.1
    • (no CPE)range: <0.3.2
  • cpe:2.3:a:apache:cordova:*:*:*:*:*:iphone_os:*:*
    Range: >=2.6.0,<=2.9.0

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.