CVE-2014-0073: Apache Cordova In-App-Browser privilege escalation

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Cordova In-App-Browser iOS plugin from Cordova versions 2.6.0 to 2.9.0
- Cordova In-App-Browser iOS standalone plugin (org.apache.cordova.inappbrowser) versions 0.1.0 to 0.3.1

Description:
An exploit was found in the InAppBrowser plugin that would allow a malicious site to execute arbitrary JavaScript in the host page.

Update Path:
The problem has been fixed in the latest version of the plugin (v0.3.2). We recommend affected projects update their plugin.

Upgrade Path:
Developers using the In-App Browser plugin in their applications should upgrade to version 0.3.2.

Credit:
This issue was discovered by Neil Bergman of Cigital, Inc.