VIR Vulnerability Intelligence Relay

CVE-2014-3500

medium
Published 2014-11-15 · Modified 2026-05-06
CVSS v3
CVSS v2
6.4
VIR risk
6.4

Description

Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://cordova.apache.org/announcements/2014/08/04/android-351.html

Application impact
VendorProductVersionsFixed
apache apachecordova{"endIncluding":"3.5.0"}

References

CWEs

CWE-17

Verify integrity in audit chain (admin only). AS-IS.