{"vulnerability": "CVE-2023-42471", "sightings": [{"uuid": "b515bc9d-54a3-4c55-9752-370b854834a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42471", "type": "seen", "source": "https://t.me/cibsecurity/70203", "content": "\u203c CVE-2023-42471 \u203c\n\nThe wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web content and doesn't adequately validate or sanitize the URI or any extra data passed in the intent by a third party application (with no permissions).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-11T12:22:18.000000Z"}, {"uuid": "1de3cac5-e492-447d-aea9-b6c3a49bf989", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42471", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5356", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-42471\nURL\uff1ahttps://github.com/actuator/wave.ai.browser\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-10-10T22:41:34.000000Z"}]}