CVE-2015-7893

🗓️ 11 Apr 2017 19:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 45 Views🌐 WEB

Samsung Galaxy S6 Does Not Sanitize HTML Email Content

Reporter	Title	Published	Views	Family All 7
0day.today	Samsung SecEmailUI Script Injection Exploit	28 Oct 201500:00	–	zdt
Circl	CVE-2015-7893	28 Oct 201500:00	–	circl
CNVD	Vulnerability in Samsung SecEmailUI	4 Jan 201600:00	–	cnvd
Cvelist	CVE-2015-7893	11 Apr 201719:00	–	cvelist
GoogleProjectZero	Hack The Galaxy: Hunting Bugs in the Samsung Galaxy S6 Edge	2 Nov 201500:00	–	googleprojectzero
NVD	CVE-2015-7893	11 Apr 201719:59	–	nvd
Prion	Code injection	11 Apr 201719:59	–	prion

NVD

Node

samsung galaxy_s6Match-

Source	Link
googleprojectzero	www.googleprojectzero.blogspot.ie/2015/11/hack-galaxy-hunting-bugs-in-samsung.html
securityfocus	www.securityfocus.com/bid/77431
packetstormsecurity	www.packetstormsecurity.com/files/135643/Samsung-SecEmailUI-Script-Injection.html
exploit-db	www.exploit-db.com/exploits/38554/
bugs	www.bugs.chromium.org/p/project-zero/issues/detail

Parameter	Position	Path	Description	CWE
M	path	email://M/N	HTML content in an email viewed by SecEmailUI WebView can execute JavaScript due to lack of sanitization, as demonstrated by the proof-of-concept using an email URL.	CWE-20
N	path	email://M/N	HTML content in an email viewed by SecEmailUI WebView can execute JavaScript due to lack of sanitization, as demonstrated by the proof-of-concept using an email URL.	CWE-20

13 May 2026 00:24Current

8.1High risk

Vulners AI Score8.1

CVSS 26.8

CVSS 38.8

EPSS0.13648

samsung galaxy s6 secemailui html email content javascript nvd cve-2015-7893