cbcvebase.
CVE-2023-21516
published 2023-05-26

CVE-2023-21516: XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

critical9.6CVSS 3.1
AVNACLPRNUIRSCCHIHAH
XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

Affected

2 ranges
VendorProductVersion rangeFixed in
samsunggalaxy_store< 4.5.49.84.5.49.8
samsung_mobilegalaxy_store>= unspecified < 4.5.49.84.5.49.8