Same-Origin Method Execution Vulnerability in Adobe PhoneGap Push Plugin
CVE-2018-4943

8.8HIGH

Key Information:

Vendor: Adobe
Status: Adobe Phonegap Push Plugin 1.8.0 Earlier Versions
Vendor: CVE Published:; 19 May 2018

Summary

The Adobe PhoneGap Push Plugin prior to version 1.8.0 contains a Same-Origin Method Execution vulnerability. This flaw allows an attacker to execute JavaScript code within the context of the PhoneGap application, potentially compromising security and exposing sensitive information. It is crucial for developers using this plugin to ensure they are utilizing the latest version to mitigate this risk.

Affected Version(s)

Adobe PhoneGap Push Plugin 1.8.0 earlier Adobe PhoneGap Push Plugin 1.8.0 earlier versions

References

https://helpx.adobe.com/security/products/phonegap/apsb18...

x_refsource_MISC

http://www.securityfocus.com/bid/103710

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 19, 2018
Vulnerability Reserved
Jan 3, 2018