CVE-2023-21516: XSS
First published: Fri May 26 2023(Updated: )
XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
Credit: mobile.security@samsung.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samsung Galaxy Store | <4.5.49.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-21516?
The severity of CVE-2023-21516 is critical with a score of 9.6.
How does the XSS vulnerability in Galaxy Store impact users?
The XSS vulnerability in Galaxy Store allows attackers to execute javascript API to install APK from the store.
Which version of Galaxy Store is affected by CVE-2023-21516?
Galaxy Store versions prior to 4.5.49.8 are affected by CVE-2023-21516.
What can attackers do with the XSS vulnerability in Galaxy Store?
Attackers can execute javascript API to install APK from the Galaxy Store using the XSS vulnerability.
How can I protect myself from the XSS vulnerability in Galaxy Store?
To protect yourself from the XSS vulnerability in Galaxy Store, make sure to update to version 4.5.49.8 or higher.
- collector/nvd-latest
- collector/nvd-index
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/description
- agent/tags
- agent/type
- agent/last-modified-date
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/samsung
- canonical/samsung galaxy store