Script Injection Vulnerability in Samsung Galaxy S6 Email Client
CVE-2015-7893

8.8 HIGH

Key Information:

Vendor: Samsung

Status
Vendor
CVE Published: 11 April 2017

What is CVE-2015-7893?

The SecEmailUI component in the Samsung Galaxy S6 fails to properly sanitize HTML email content, which allows remote attackers to inject and execute arbitrary JavaScript within the email client. This vulnerability poses significant risks by potentially enabling malicious activities such as phishing, data theft, or further exploitation of the device. Users are advised to be cautious of suspicious email content and to apply any available security updates from Samsung.

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved