CVE-2023-42581

CWE-20Improper Input Validation3 documents3 sources
Severity
7.5HIGH
EPSS
0.3%
top 47.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Samsung Galaxy Store
Timeline
PublishedDec 5

Description

Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages1 packages

NVDsamsung/galaxy_store< 4.5.64.4

🔴Vulnerability Details

2
CVEList
CVE-2023-42581: Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 42023-12-05
GHSA
GHSA-95m4-cmvc-pjh9: Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 42023-12-05
CVE-2023-42581 (HIGH CVSS 7.5) | Improper URL validation from Instan | cvebase.io