CVE-2023-42581

Summary

Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.

Affected Software

VendorProductVersion RangeStatus
Samsung MobileGalaxy Store4.5.64.4unaffected

Weaknesses

  • CWE-20: Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References