Vulnerabilities > Apache > Cordova > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-27 | CVE-2015-1835 | Improper Input Validation vulnerability in Apache Cordova Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL. | 5.3 |
| 2016-05-09 | CVE-2015-5208 | Improper Input Validation vulnerability in Apache Cordova Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link. | 4.4 |
| 2016-05-09 | CVE-2015-5207 | Improper Access Control vulnerability in Apache Cordova Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods. | 5.3 |