Unrated severityNVD Advisory· Published May 1, 2023· Updated Jan 30, 2025
CVE-2023-27108
CVE-2023-27108
Description
An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allows an attacker to send the user's call logs to a remote server via XMLHttpRequest or Fetch.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- KaiOS/KaiOSdescription
- Range: =3.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.