Vulnerability Description
The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage resources, by leveraging control over one of a number of "obscure Eastern European dating sites."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Edinburghtour | Edinburgh By Bus | - |
| Adobe | Phonegap | 2.0.0 |
Related Weaknesses (CWE)
References
- http://openwall.com/lists/oss-security/2014/02/07/9
- http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdfExploit
- http://www.internetsociety.org/ndss2014/programme#session3
- http://openwall.com/lists/oss-security/2014/02/07/9
- http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdfExploit
- http://www.internetsociety.org/ndss2014/programme#session3
FAQ
What is CVE-2014-1886?
CVE-2014-1886 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage resou...
How severe is CVE-2014-1886?
CVE-2014-1886 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-1886?
Check the references section above for vendor advisories and patch information. Affected products include: Edinburghtour Edinburgh By Bus, Adobe Phonegap.