XSS Vulnerability in SmartTagPlugin by Samsung Mobile
CVE-2022-24926

5.7MEDIUM

Key Information:

Vendor: Samsung
Status: Smarttagplugin
Vendor: CVE Published:; 11 February 2022

What is CVE-2022-24926?

An improper input validation vulnerability exists in Samsung Mobile's SmartTagPlugin versions prior to 1.2.15-6. This flaw can be exploited by privileged attackers to execute cross-site scripting (XSS) attacks, compromising the integrity of user sessions and potentially allowing unauthorized access to sensitive information on victim devices. It is essential to update to the latest version to mitigate this risk.

Affected Version(s)

SmartTagPlugin < 1.2.15-6

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

x_refsource_MISC

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2022
Vulnerability Reserved
Feb 10, 2022