EIP-2026-102243

PRE-CVE

Google Gmail IOS Mobile Application - Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102243. PoCs published by Ali Raza.

AI-analyzed exploit summary: This is a writeup describing a stored XSS vulnerability in the Gmail iOS application, where malicious HTML attachments can execute arbitrary JavaScript when opened. The PoC involves attaching an HTML file with an iframe payload to an email and viewing it in the Gmail iOS app.

Description

Google Gmail IOS Mobile Application - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP
by Ali Raza · text · webapps · ios
https://www.exploit-db.com/exploits/29633


Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Google Gmail Mobile iOS Application (version unspecified)
No auth needed
Prerequisites: Ability to send an email with an HTML attachment to a Gmail iOS user
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026