← Back

CVE-2023-27108

nvd nist
Published: May 1, 2023Modified: Jan 30, 2025

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allows an attacker to send the user's call logs to a remote server via XMLHttpRequest or Fetch.

Affected (1)

Products: Kaiostech: Kaios
Kaiostech
1 product
Kaios
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Kaios
Version 3.0

References (4)

Source: cve@mitre.org
Product
Source: cve@mitre.org
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit

Timeline

No history available yet.