PT-2023-28361 · Unknown · Wave.Ai.Browser
Edward Warren · Published 2023-09-11 · Updated 2023-09-13
CVE-2023-42471
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
wave.ai.browser application through 1.0.35 for Android
Description
The issue allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. The application's manifest exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web content and does not adequately validate or sanitize the URI or any extra data passed in the intent by a third-party application (with no permissions).
Recommendations
For the wave.ai.browser application through 1.0.35 for Android, consider disabling the wave.ai.browser.ui.splash.SplashScreen activity until a patch is available to prevent exploitation. Restrict access to the WebView component to minimize the risk of arbitrary JavaScript code execution. Avoid using intents from untrusted sources to prevent passing malicious data to the application.
Exploit
Fix
Code Injection
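The validation the description says is missing, sketched as an added example (not the application's code, which this page does not show): an exported activity that accepts only http/https URIs from the incoming intent and ignores its extras before anything reaches the WebView. The class name `IntentUrlActivity`, the scheme allowlist and the `about:blank` fallback are assumptions.

```java
import android.app.Activity;
import android.content.Intent;
import android.net.Uri;
import android.os.Bundle;
import android.webkit.WebView;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Hypothetical activity for illustration; names are not taken from wave.ai.browser.
// If no other app needs to start the activity, android:exported="false" in the
// manifest removes this entry point entirely and is the stronger control.
public class IntentUrlActivity extends Activity {
    // Assumed policy: only web schemes may come from another app's intent.
    private static final Set<String> ALLOWED_SCHEMES =
            new HashSet<>(Arrays.asList("http", "https"));
    private static final String FALLBACK_URL = "about:blank";

    private WebView webView;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        webView = new WebView(this);
        setContentView(webView);
        // Remote pages do not need local file or content-provider access.
        webView.getSettings().setAllowFileAccess(false);
        webView.getSettings().setAllowContentAccess(false);
        webView.loadUrl(safeUrlFrom(getIntent()));
    }

    @Override
    protected void onNewIntent(Intent intent) {
        super.onNewIntent(intent);
        // Intents delivered to a running instance get the same validation.
        webView.loadUrl(safeUrlFrom(intent));
    }

    // Returns the intent's data URI only if it is a hierarchical http(s) URI with
    // a host. Opaque URIs (javascript:, data:, mailto:) and file:/content: URIs
    // fall back to a blank page. Intent extras are never read.
    static String safeUrlFrom(Intent intent) {
        Uri uri = (intent == null) ? null : intent.getData();
        if (uri == null || !uri.isHierarchical()) return FALLBACK_URL;
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null || host == null || host.isEmpty()) return FALLBACK_URL;
        if (!ALLOWED_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT))) return FALLBACK_URL;
        return uri.toString();
    }
}
```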
Weakness Enumeration
Related Identifiers
Affected Products
Wave.Ai.Browser