GHSA-x2ph-qqwm-9cc6: CleverTap Cordova plugin vulnerable to Cross-site Scripting

CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a deeplink specially constructed by the attacker.

This is possible because the plugin does not correctly validate the data coming from deeplinks before using it.

CVE ID: CVE-2023-2507


Severity: Critical. GitHub Reviewed. Published Jul 15, 2023 to the GitHub Advisory Database. Updated Jul 17, 2023.

Package: clevertap-cordova (npm)

Affected versions: <= 2.6.2

Related news

CVE-2023-2507: GitHub - CleverTap/clevertap-cordova: CleverTap Cordova Plugin
