CVE-2021-25520 — Improper Input Validation in Mobile Samsung Internet

CWE-20 — Improper Input Validation CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

CNA5.9

EPSS

0.3%

top 49.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Samsung Internet Samsung Internet

Timeline

PublishedDec 8

Latest updateDec 9

Description

Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDsamsung/internet< 16.0.2

▶CVEListV5samsung_mobile/samsung_internet- — 16.0.2

🔴Vulnerability Details

GHSA

GHSA-7cw2-xhmh-jqc7: Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16↗2021-12-09

▶

CVEList

CVE-2021-25520: Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16↗2021-12-08

▶