CVE-2018-9140

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.4%
top 41.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Samsung Samsung Mobile
Timeline
PublishedMar 30
Latest updateMay 14

Description

On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-q7m3-4cpc-p6r9: On Samsung mobile devices with M(62022-05-14
CVEList
CVE-2018-9140: On Samsung mobile devices with M(62018-03-30
CVE-2018-9140 (MEDIUM CVSS 6.1) | On Samsung mobile devices with M(6. | cvebase.io