Same-Origin Method Execution Vulnerability in Adobe PhoneGap Push Plugin
CVE-2018-4943

8.8HIGH

Key Information:

Vendor: Adobe
Status: Adobe Phonegap Push Plugin 1.8.0 Earlier Versions
Vendor: CVE Published:; 19 May 2018

What is CVE-2018-4943?

The Adobe PhoneGap Push Plugin prior to version 1.8.0 contains a Same-Origin Method Execution vulnerability. This flaw allows an attacker to execute JavaScript code within the context of the PhoneGap application, potentially compromising security and exposing sensitive information. It is crucial for developers using this plugin to ensure they are utilizing the latest version to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Adobe PhoneGap Push Plugin 1.8.0 earlier Adobe PhoneGap Push Plugin 1.8.0 earlier versions

References

https://helpx.adobe.com/security/products/phonegap/apsb18...

x_refsource_MISC

http://www.securityfocus.com/bid/103710

vdb-entryx_refsource_BID

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 19, 2018
Vulnerability Reserved
Jan 3, 2018

JSON

Adobe

What is CVE-2018-4943?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.