CVE-2023-2507 CRITICAL

CVE-2023-2507: CleverTap Cordova Plugin 2.6.2 - Reflected XSS

Vendor: CleverTap
Product: Cordova Plugin
Weakness: CWE-79 · XSS
Published: July 15, 2023
Last update: September 24, 2025

CVSS base score

9.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01 Description

CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a deeplink specially constructed by the attacker. This is possible because the plugin does not correctly validate data received from deeplinks before using it.

Key dates

02 Disclosure timeline

July 15, 2023: CVE published
September 24, 2025: Record updated