CVE-2023-27108

Published: May 1, 2023

Modified: Jan 30, 2025

PUBLISHED

Description

An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allows an attacker to send the user's call logs to a remote server via XMLHttpRequest or Fetch.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gist.github.com/Tombarr/5ed6675f33e0eca149a8b4d38ce76dda

https://kaios.dev/cve/1409490

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-27108

Description

Affected Products

References