Verse For Android
Monthly
HTML injection in HCL Verse for Android's rich text email composition component enables malicious content execution on the local device. The compose-rich-editor library (v1.0.0-rc14) bundled with HCL Verse for Android fails to sanitize HTML input, allowing crafted content to execute in the composition context. With High confidentiality and integrity impact signals in the CVSS vector, successful exploitation could expose sensitive email data or allow unauthorized modification of content; no public exploit code has been identified at time of analysis.
HTML injection in HCL Verse for Android's rich text email composition component enables malicious content execution on the local device. The compose-rich-editor library (v1.0.0-rc14) bundled with HCL Verse for Android fails to sanitize HTML input, allowing crafted content to execute in the composition context. With High confidentiality and integrity impact signals in the CVSS vector, successful exploitation could expose sensitive email data or allow unauthorized modification of content; no public exploit code has been identified at time of analysis.