When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device.
History

Thu, 09 Jul 2026 17:15:00 +0000

Type Values Removed Values Added
Description When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device.
Title PayRange version 7.0.7 contains a JavaScript injection vulnerability
References

cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-07-09T17:08:53.024Z

Reserved: 2026-06-26T20:08:29.251Z

Link: CVE-2026-13461

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.