Remote JavaScript Execution in Palm Pre WebOS by Palm
CVE-2009-5097

Currently unrated

Key Information:

Vendor: HP
Status: Palm Pre Webos
Vendor: CVE Published:; 13 September 2011

Summary

The Palm Pre WebOS 1.1 and earlier versions have a vulnerability that allows attackers to execute arbitrary JavaScript through email messages. This flaw can lead to unauthorized access and manipulation of sensitive data, as demonstrated in instances where attackers can read files such as PalmDatabase.db3. Proper action is needed to secure against this risk in email communications.

References

http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/so...

x_refsource_CONFIRM

http://www.securitytracker.com/id?1022987

vdb-entryx_refsource_SECTRACK

http://tlhsecurity.blogspot.com/2009/10/palm-pre-webos-11...

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 13, 2011