Description
SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, which allows remote attackers to execute arbitrary JavaScript.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Google Security Research · python · remote · android
https://www.exploit-db.com/exploits/38554
References (5)
Scores
CVSS v3: 8.8
EPSS: 0.1365
EPSS Percentile: 94.3%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE: CWE-20
Status: published
Products (1): samsung/galaxy_s6
Published: Apr 11, 2017
Tracked Since: Feb 18, 2026