Every CVE whose affected-product data names Apache Cordova, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2014-0073 — CVSS 9.8 (critical): The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and…
CVE-2014-0072 — CVSS 7.5 (high): ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the…
CVE-2014-1881 — CVSS 7.5 (high): Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource…
CVE-2014-1882 — CVSS 7.5 (high): Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource…
CVE-2014-1884 — CVSS 7.5 (high): Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events…
CVE-2012-6637 — CVSS 7.5 (high): Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which…
CVE-2016-6799 — CVSS 7.5 (high): Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods…
CVE-2017-3160 — CVSS 7.4 (high): After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will…
CVE-2014-3500 — CVSS 6.4 (medium): Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL.
CVE-2015-5207 — CVSS 5.3 (medium): Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources…
CVE-2015-1835 — CVSS 5.3 (medium): Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote…
CVE-2015-8320 — CVSS 5.0 (medium): Apache Cordova-Android before 3.7.0 improperly generates random values for BridgeSecret data, which makes it easier for attackers to…
CVE-2015-5256 — CVSS 4.3 (medium): Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection…
CVE-2014-3502 — CVSS 4.3 (medium): Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI…
CVE-2014-3501 — CVSS 4.3 (medium): Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using…
CVE-2020-11990 — CVSS 3.3 (low): We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who…