Описание
SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript.
SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-7893
- https://bugs.chromium.org/p/project-zero/issues/detail?id=494&q=samsung&redir=1
- https://googleprojectzero.blogspot.ie/2015/11/hack-galaxy-hunting-bugs-in-samsung.html
- https://www.exploit-db.com/exploits/38554
- http://packetstormsecurity.com/files/135643/Samsung-SecEmailUI-Script-Injection.html
- http://www.securityfocus.com/bid/77431
Связанные уязвимости
CVSS3: 8.8
nvd
почти 9 лет назад
SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript.