CVE-2019-0219
published 2020-01-14CVE-2019-0219: A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | cordova | — | — |
| apache | cordova_inappbrowser | <= 3.0.0 | — |
| oracle | instantis_enterprisetrack | — | — |
| oracle | instantis_enterprisetrack | — | — |
| oracle | instantis_enterprisetrack | — | — |
| oracle | retail_xstore_point_of_service | — | — |
| oracle | retail_xstore_point_of_service | — | — |
| oracle | retail_xstore_point_of_service | — | — |
| oracle | retail_xstore_point_of_service | — | — |