The YI Smart Kami Vision com.kamivision.yismart application up to and including 1.0.0_20231219 for Android allows a remote malicious user to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component.