CVE-2023-47883

CRITICAL

9.8

Description

The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie12/27/2023

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

vladymix:tv_browser

Faiblesses (CWE)

CWE-94

References

https://github.com/actuator/com.altamirano.fabricio.tvbrowser/blob/main/AFC-POC.apk(cve@mitre.org)

https://github.com/actuator/com.altamirano.fabricio.tvbrowser/blob/main/CWE-94.md(cve@mitre.org)

https://github.com/actuator/com.altamirano.fabricio.tvbrowser/blob/main/TVBrowserDemo.gif(cve@mitre.org)

https://github.com/actuator/com.altamirano.fabricio.tvbrowser/blob/main/AFC-POC.apk(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/actuator/com.altamirano.fabricio.tvbrowser/blob/main/CWE-94.md(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/actuator/com.altamirano.fabricio.tvbrowser/blob/main/TVBrowserDemo.gif(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.