CVE-2026-10510

MEDIUM

GeniexWebView XSS in com.transsion.aiassistantlifestyle

Title source: cna

Description

Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI Assistant Lifestyle application (com.transsion.aiassistantlifestyle) all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted web_action_data URL parameter.

References (1)

Core 1

Core References

https://security.tecno.com/SRC/securityUpdates

Scores

CVSS v3 6.1

EPSS 0.0015

EPSS Percentile 5.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

TECNO Mobile/com.transsion.aiassistantlifestyle v1.3.0.002

Published Jun 02, 2026

Tracked Since Jun 02, 2026