4 matches found
CVE-2023-42471
The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web conte...
CVE-2023-42471
creationtimestamp| type| source ---|---|--- 2023-09-11 12:22:18+00:00| seen| https://t.me/cibsecurity/70203 2023-10-10 22:41:34+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/5356...
CVE-2023-42471
The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web conte...
CVE-2023-42471
CVE-2023-42471 affects the wave.ai.browser Android app up to version 1.0.35. The root cause is a WebView-based SplashScreen activity (wave.ai.browser.ui.splash.SplashScreen) exported via the manifest, which does not adequately validate or sanitize the URI or extra data passed in an incoming craft...