GHSA-x2ph-qqwm-9cc6: CleverTap Cordova plugin vulnerable to Cross-site Scripting
CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a deeplink specially constructed by the attacker.
This is possible because the plugin does not correctly validate the data coming from deeplinks before using it.
- CVE-2023-2507
Critical severity • GitHub Reviewed • Published Jul 15, 2023 to the GitHub Advisory Database • Updated Jul 17, 2023
Package
clevertap-cordova (npm)
Affected versions
<= 2.6.2
Published to the GitHub Advisory Database
Jul 15, 2023
Last updated
Jul 17, 2023