Filtered by vendor Cordova
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-65835 | 2 Cordova, Google | 2 Plugin-x-socialsharing, Android | 2025-12-16 | 6.2 Medium |
| The Cordova plugin cordova-plugin-x-socialsharing (SocialSharing-PhoneGap-Plugin) for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses Intent.EXTRA_CHOSEN_COMPONENT without checking for null. If a broadcast is sent with extras present but without EXTRA_CHOSEN_COMPONENT, the code dereferences a null value and throws a NullPointerException. Because the receiver is exported and performs no permission or caller validation, any local application on the device can send crafted ACTION_SEND broadcasts to this component and repeatedly crash the host application, resulting in a local, unauthenticated application-level denial of service for any app that includes the plugin. | ||||
Page 1 of 1.