Unrated severityNVD Advisory· Published Nov 23, 2015· Updated Jun 17, 2026
CVE-2015-5256
CVE-2015-5256
Description
Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <4.1.0
Patches
Vulnerability mechanics
References
6- cordova.apache.org/announcements/2015/11/20/security.htmlnvdVendor Advisory
- jvn.jp/en/jp/JVN18889193/index.htmlnvd
- jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000187.htmlnvd
- packetstormsecurity.com/files/134497/Apache-Cordova-3.7.2-Whitelist-Failure.htmlnvd
- www.securityfocus.com/archive/1/536944/100/0/threadednvd
- www.securityfocus.com/bid/77677nvd
News mentions
0No linked articles in our index yet.