CVE-2023-21515

InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
Configurations

Configuration 1 (hide)

cpe:2.3:a:samsung:galaxy_store:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:42

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 7.5
References () https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01 - Vendor Advisory () https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01 - Vendor Advisory

03 Jun 2023, 03:42

Type Values Removed Values Added
First Time Samsung galaxy Store
Samsung
References (MISC) https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01 - (MISC) https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01 - Vendor Advisory
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:samsung:galaxy_store:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

26 May 2023, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-26 22:15

Updated : 2024-11-21 07:42


NVD link : CVE-2023-21515

Mitre link : CVE-2023-21515

CVE.ORG link : CVE-2023-21515


JSON object : View

Products Affected

samsung

  • galaxy_store
CWE
CWE-20

Improper Input Validation

NVD-CWE-noinfo