Cross-Site Scripting and file upload vulnerabilities in Samsung Email application
CVE-2018-9140
6.1 MEDIUM
Summary
The Samsung Email application on mobile devices running M(6.0) software is vulnerable to cross-site scripting (XSS) via event attributes. The application also permits arbitrary file loading through its src attribute, potentially exposing user data and creating severe security risks. Users are advised to update their software to mitigate these issues.
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed