Search Results (2 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-13461 1 Payrange 1 Payrange 2026-07-10 N/A
When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device.
CVE-2026-13462 1 Payrange 1 Payrange 2026-07-10 7.5 High
PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends.