Back to overview

CVE-2026-13461

Description
When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device.

Metadata

CVE ID
CVE-2026-13461
State
PUBLISHED
Assigner
certcc
Reserved
2026-06-26 20:08 UTC
Published
2026-07-09 17:08 UTC
Last updated
2026-07-09 17:08 UTC
Vendor / Product
PayRange / PayRange
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
PayRange PayRange 7.0.7
Weakness (CWE)
CWESourceDescription
cna CWE-94: Improper Control of Generation of Code ('Code Injection')
Back to overview