CVE-2023-21434

CWE-20Improper Input ValidationCWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.7%
top 28.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Galaxy StoreSamsung Galaxy Store
Timeline
PublishedFeb 9

Description

Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.5 | Impact: 3.6

Affected Packages2 packages

NVDsamsung/galaxy_store< 4.5.49.8
CVEListV5samsung_mobile/galaxy_storeunspecified4.5.49.8

🔴Vulnerability Details

2
GHSA
GHSA-m5xh-w97f-qrvv: Improper input validation vulnerability in Galaxy Store prior to version 42023-02-09
CVEList
CVE-2023-21434: Improper input validation vulnerability in Galaxy Store prior to version 42023-02-09
CVE-2023-21434 (MEDIUM CVSS 6.1) | Improper input validation vulnerabi | cvebase.io