The cross-site scripting problem that results in the vulnerability, which affects Galaxy Store version 4.5.32.4, happens when handling specific deep links. The flaw was reported by an unaffiliated security researcher, according to reports.
In this case, by failing to protect the deep link, the attacker can run JS code in the Galaxy Store application’s webview context when a user hits a link from a website containing the deep link, SSD Secure Disclosure warned in a warning published last week. Read More…