CVE-2026-10510 | THREATINT

Description

Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI Assistant Lifestyle application (com.transsion.aiassistantlifestyle) all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted web_action_data URL parameter.

PUBLISHED Reserved 2026-06-01 | Published 2026-06-02 | Updated 2026-06-02 | Assigner TECNOMobile

Problem types

CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')

Product status

Default status

unaffected

v1.3.0.002

affected

References

security.tecno.com/SRC/securityUpdates

cve.org (CVE-2026-10510)

nvd.nist.gov (CVE-2026-10510)

Download JSON