CVE-2023-47883

CRITICAL

vladymix/tv_browser < 4.5.1 - JavaScript Code Execution via Exposed MainActivity

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-47883. PoCs published by actuator.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2023-47883, focusing on code injection (CWE-94) and arbitrary file creation vulnerabilities in the `com.altamirano.fabricio.tvbrowser.MainActivity` component. It includes proof-of-concept code snippets demonstrating how an attacker can exploit the exported activity and exposed JavaScript interfaces to execute arbitrary code and create files.

Description

The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity.

Exploits (1)

nomisec WRITEUP 2 stars
by actuator · poc
https://github.com/actuator/com.altamirano.fabricio.tvbrowser

This repository provides a detailed technical analysis of CVE-2023-47883, focusing on code injection (CWE-94) and arbitrary file creation vulnerabilities in the `com.altamirano.fabricio.tvbrowser.MainActivity` component. It includes proof-of-concept code snippets demonstrating how an attacker can exploit the exported activity and exposed JavaScript interfaces to execute arbitrary code and create files.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: com.altamirano.fabricio.tvbrowser (Version 4.5.1 and earlier)
No auth needed
Prerequisites: Access to the target device to send explicit intents · Target application must be installed and running
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 9.8
EPSS 0.0193
EPSS Percentile 77.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (1)
vladymix/tv_browser < 4.5.1
Published Dec 27, 2023
Tracked Since Feb 18, 2026