CVE-2009-5097
HP Palm Pre WebOS < 1.1.0 - Remote JavaScript Execution via Email Message Processing
Title source: llmDescription
Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3.
References (5)
Core 5
Core References
Various Sources x_refsource_misc
http://tlhsecurity.blogspot.com/2009/10/palm-pre-webos-11-remote-file-access.html
Various Sources x_refsource_misc
http://www.precentral.net/webos-1-2-fixed-serious-file-security-issue
Various Sources x_refsource_confirm
http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#12
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022987
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36936
Scores
EPSS
0.0080
EPSS Percentile
74.2%
Details
CWE
CWE-94
Status
published
Products (4)
hp/palm_pre_webos
1.0.2
hp/palm_pre_webos
1.0.3
hp/palm_pre_webos
1.0.4
hp/palm_pre_webos
< 1.1.0
Published
Sep 13, 2011
Tracked Since
Feb 18, 2026