JavaScript Injection Vulnerability in PayRange Mobile Application
CVE-2026-13461
Currently unrated
What is CVE-2026-13461?
The vulnerability in the PayRange mobile application, specifically in version 7.0.7, allows an attacker to inject malicious JavaScript into a WebView when combined with an SSL bypass flaw. This enables the attacker to escape the confines of the WebView sandbox, potentially leading to unauthorized actions on the user's device. Such actions may include data theft, manipulation of the app's functionality, and unauthorized access to sensitive information, significantly endangering user security.
Affected Version(s)
PayRange 7.0.7
