XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows malicious users to execute javascript API to install APK from Galaxy Store.
samsung galaxy store