Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.
Apache Cordova-Android before 3.7.0 improperly generates random values for BridgeSecret data, which makes it easier for attackers to conduct bridge hijacking attacks by predicting a value. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.