Improper Authorization in Samsung Assistant PushMsgReceiver Allows for JavaScript Interface Execution

Improper Authorization in Samsung Assistant PushMsgReceiver Allows for JavaScript Interface Execution

CVE-2023-30736 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. To trigger this vulnerability, user interaction is required.

Learn more about our User Device Pen Test.