Remote Code Execution via CleverTap Cordova Plugin Deeplinks

CVE-2023-2507 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a deeplink specially constructed by the attacker. This is possible because the plugin does not correctly validate data coming from deeplinks before using it.
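
A validation step of the kind described as missing, as an added example that is not CleverTap's code and not part of the original advisory: it parses an incoming deeplink and rejects anything outside an allowlist before the data is used. The `myapp:` scheme, the route names and the parameter pattern are assumptions chosen for illustration.

```javascript
// Added example: hypothetical app-side deeplink validation for a Cordova app.
// Scheme, routes and the parameter pattern below are assumptions.
const ALLOWED_SCHEME = "myapp:";
const ALLOWED_ROUTES = new Set(["product", "profile"]);
const SAFE_TOKEN = /^[A-Za-z0-9_-]{1,64}$/; // allowed shape of keys and values
const MAX_LENGTH = 2048;

// Returns { route, params } for an acceptable deeplink, or null if rejected.
// Callers should treat null as "ignore the link" and never fall back to the
// raw string.
function validateDeeplink(raw) {
  if (typeof raw !== "string" || raw.length > MAX_LENGTH) return null;

  let url;
  try {
    url = new URL(raw); // structured parse instead of string matching
  } catch {
    return null; // not a well-formed URL
  }

  // Reject javascript:, data:, file:, http(s): and any other scheme.
  if (url.protocol !== ALLOWED_SCHEME) return null;

  // Only known routes are accepted; everything else is dropped.
  if (!ALLOWED_ROUTES.has(url.hostname)) return null;

  // Copy parameters into a prototype-less object, rejecting the whole link
  // if any key or value contains characters outside the safe pattern
  // (quotes, angle brackets, parentheses, whitespace, ...).
  const params = Object.create(null);
  for (const [key, value] of url.searchParams) {
    if (!SAFE_TOKEN.test(key) || !SAFE_TOKEN.test(value)) return null;
    params[key] = value;
  }
  return { route: url.hostname, params };
}

// Constructed sample inputs.
console.log(validateDeeplink("myapp://product?id=42"));
console.log(validateDeeplink("myapp://product?id=%22%3E%3Cb%3Ex"));
console.log(validateDeeplink("javascript:void(0)"));
```

The validated object should then be passed to the page as data (for example, assigned with `textContent`) rather than concatenated into markup or script.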