CVE-2023-47883

The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity.
Configurations

Configuration 1 (hide)

cpe:2.3:a:vladymix:tv_browser:*:*:*:*:*:android:*:*

History

09 Jan 2024, 20:04

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:vladymix:tv_browser:*:*:*:*:*:android:*:*
First Time Vladymix
Vladymix tv Browser
CWE CWE-94
References () https://github.com/actuator/com.altamirano.fabricio.tvbrowser/blob/main/AFC-POC.apk - () https://github.com/actuator/com.altamirano.fabricio.tvbrowser/blob/main/AFC-POC.apk - Exploit, Third Party Advisory
References () https://github.com/actuator/com.altamirano.fabricio.tvbrowser/blob/main/CWE-94.md - () https://github.com/actuator/com.altamirano.fabricio.tvbrowser/blob/main/CWE-94.md - Exploit, Third Party Advisory
References () https://github.com/actuator/com.altamirano.fabricio.tvbrowser/blob/main/TVBrowserDemo.gif - () https://github.com/actuator/com.altamirano.fabricio.tvbrowser/blob/main/TVBrowserDemo.gif - Exploit, Third Party Advisory
Summary
  • (es) La aplicación de navegador de TV com.altamirano.fabricio.tvbrowser hasta 4.5.1 para Android es vulnerable a la ejecución de código JavaScript mediante un intent explícito debido a una MainActivity expuesta.

27 Dec 2023, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-27 21:15

Updated : 2024-01-09 20:04


NVD link : CVE-2023-47883

Mitre link : CVE-2023-47883

CVE.ORG link : CVE-2023-47883


JSON object : View

Products Affected

vladymix

  • tv_browser
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')