CVE-2023-43481

Name of the Vulnerable Software and Affected Versions Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) version 6.65.022 dab24cc6 231221 gp

Description The issue allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component. This enables the attacker to perform malicious actions on the affected system.

Recommendations For version 6.65.022 dab24cc6 231221 gp, consider disabling the com.tcl.browser.portal.browse.activity.BrowsePageActivity component as a temporary workaround until a patch is available. Restrict access to this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.