CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2023-43955
https://notcve.org/view.php?id=CVE-2023-43955
The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData. La aplicación com.phlox.tvwebbrowser TV Bro hasta la versión 2.0.0 para Android maneja mal los intents externos a través de WebView. Esto permite a los atacantes ejecutar código arbitrario y crear archivos arbitrarios. y realizar descargas arbitrarias a través de JavaScript que utiliza takeBlobDownloadData. • https://github.com/actuator/com.phlox.tvwebbrowser https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/CWE-94.md https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/poc.apk https://github.com/truefedex/tv-bro/pull/182#issue-1901769895 • CWE-94: Improper Control of Generation of Code ('Code Injection') •