CVE-2015-5256

Medium CVSS 4.3

Overview

Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI.

CWE: CWE-264 Published: 2015-11-23T11:59:00.127

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 4.3 (MEDIUM)
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags