Description
CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a deeplink specially constructed by the attacker.
This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them.
References
- Exploit, Third Party Advisory
- Product
- Exploit, Third Party Advisory
- Product
Vulnerable configurations
Configuration 1
cpe:2.3:a:clevertap:clevertap:2.6.2:*:*:*:*:cordova:*:*
EPSS
Percentile: 26%
0.00089
Low
CVSS3: 9.3 Critical
CVSS3: 6.1 Medium
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 9.3
github
more than 2 years ago
CleverTap Cordova plugin vulnerable to Cross-site Scripting