CVE-2023-21434

Description

Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

Samsung Mobile / Galaxy Storeunspecified – 4.5.49.8

References

MISChttps://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01