PT-2023-18272 · Samsung · Galaxy Store

Published

2023-05-26

·

Updated

2023-06-03

·

CVE-2023-21516

CVSS v3.1

9.6

Critical

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Galaxy Store versions prior to 4.5.49.8

Description

An XSS vulnerability in the InstantPlay component of the Galaxy Store lets an attacker run script inside InstantPlay content and call the JavaScript API that the store exposes to that content. That API can be used to install an APK from the Galaxy Store, so a crafted page turns a web-content injection into an application install on the device. User interaction is required (CVSS UI:R): the victim has to open the attacker-controlled InstantPlay content; no privileges are needed.

Recommendations

For versions prior to 4.5.49.8, update to version 4.5.49.8 or later; this is the only complete fix. Until the update is applied, avoid opening InstantPlay content from untrusted links, since the vulnerable JavaScript API is reached through that feature. The JavaScript API is part of the application rather than a user-facing option, so limiting exposure to untrusted InstantPlay content is the only meaningful interim mitigation; it reduces exposure but does not remove the vulnerability.
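The following is an added illustration of the bug class described above (XSS in app-rendered web content reaching a privileged JavaScript bridge); it is not Samsung code and is not taken from the Galaxy Store. The render functions, the `gs` bridge object, the trusted origin, the package ids and the attacker payload are all hypothetical. It makes one point the advisory's recommendation implies: an origin check on the bridge does not help against XSS, because injected script already runs inside the trusted page, so the fix has to be output encoding at the injection point plus a bridge that only installs what the native side has already vetted.

```javascript
"use strict";
// Added illustration, not Samsung code. Models the bug class in CVE-2023-21516
// as the advisory describes it: an XSS in web content rendered by the store
// app (InstantPlay) lets injected script call a privileged JavaScript API
// that installs an APK. Every name below (renderLanding*, the "gs" bridge,
// TRUSTED_ORIGIN, package ids, the payload) is hypothetical.

const TRUSTED_ORIGIN = "https://store.example"; // hypothetical app origin

// Output encoding for HTML text and attribute contexts.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable: an attacker-influenced parameter is interpolated into markup.
function renderLandingVulnerable(params) {
  return `<img class="hero" alt="${params.title}">`;
}

// Hardened: the same template with the parameter encoded on output.
function renderLandingFixed(params) {
  return `<img class="hero" alt="${escapeHtml(params.title)}">`;
}

// Stand-in for the native bridge the page sees as `gs`.
//   checkOrigin      - reject calls whose caller origin is not the app's own
//   allowedPackages  - only install ids the native side already approved
function makeInstallBridge({ checkOrigin = false, allowedPackages = null } = {}) {
  const installed = [];
  return {
    installed,
    installApk(pkg, callerOrigin) {
      if (checkOrigin && callerOrigin !== TRUSTED_ORIGIN) {
        return { ok: false, reason: "untrusted origin" };
      }
      if (allowedPackages && !allowedPackages.has(pkg)) {
        return { ok: false, reason: "package not allowlisted" };
      }
      installed.push(pkg);
      return { ok: true };
    },
  };
}

// Toy "WebView": executes any inline event handler or <script> found in the
// markup, in the page's own origin, which is exactly what injected script gets.
function runInWebView(html, bridge) {
  const snippets = [];
  for (const m of html.matchAll(/\son\w+="([^"]*)"/g)) snippets.push(m[1]);
  for (const m of html.matchAll(/<script>([\s\S]*?)<\/script>/g)) snippets.push(m[1]);
  return snippets.map((code) => new Function("gs", "origin", code)(bridge, TRUSTED_ORIGIN));
}

// Constructed attacker input: breaks out of the alt attribute and adds a handler
// that calls the bridge. The origin it passes is the trusted one, because the
// handler really does run inside the trusted page.
const ATTACK_PARAMS = {
  title: `x" onerror="return gs.installApk('com.evil.dropper', origin)`,
};

// Render with the given template, "load" it, and report what got installed.
function simulate(render, bridgeOpts) {
  const bridge = makeInstallBridge(bridgeOpts);
  runInWebView(render(ATTACK_PARAMS), bridge);
  return bridge.installed;
}

if (typeof require !== "undefined" && require.main === module) {
  console.log("vulnerable, permissive bridge:", simulate(renderLandingVulnerable, {}));
  console.log("vulnerable, origin check only:", simulate(renderLandingVulnerable, { checkOrigin: true }));
  console.log("vulnerable, package allowlist:", simulate(renderLandingVulnerable, { allowedPackages: new Set(["com.example.game"]) }));
  console.log("fixed template:", simulate(renderLandingFixed, {}));
}
```

Running it shows the attacker's package installed in the first two cases, including the one where the bridge checks the caller origin, and nothing installed once either the template encodes its output or the bridge refuses packages outside its allowlist. In a real app the equivalent of the allowlist is a native-side decision (for example requiring an explicit user confirmation or a server-issued install token) that the page cannot forge by calling the bridge.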

Fix

RCE

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-21516
ZDI-23-774

Affected Products

Galaxy Store