Description
Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI Assistant Lifestyle application (com.transsion.aiassistantlifestyle) all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted web_action_data URL parameter.
Published: 2026-06-02
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Cross‑Site Scripting was discovered in the GeniexWebView component of Transsion AI Assistant Lifestyle for Android. The flaw allows a remote attacker to supply a crafted web_action_data URL parameter that is passed unsanitized to the WebView. By injecting JavaScript into that parameter, an attacker can execute arbitrary code in the context of the application, potentially leaking sensitive data or hijacking the user’s session.

Affected Systems

All Android versions of TECNO Mobile’s com.transsion.aiassistantlifestyle application are affected. The vulnerability exists across all releases of the app currently on the market.

Risk and Exploitability

The CVSS score is not stated, and the EPSS score is unavailable, but the issue is categorized as a classic XSS which can be triggered by an attacker who controls a link or URL. Because the attack requires only the delivery of a malicious web_action_data value, the risk is high if users click suspicious links or open URLs from untrusted sources. The vulnerability is not listed in CISA’s KEV catalog, yet it remains a significant security concern until a vendor patch is issued.

Generated by OpenCVE AI on June 2, 2026 at 03:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest available version of the app that addresses the XSS flaw.
  • If no patched version exists, uninstall the application to eliminate the threat.
  • Employ a mobile security solution that monitors URL activity and blocks suspicious web_action_data parameters until a vendor patch is released.

Generated by OpenCVE AI on June 2, 2026 at 03:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Description Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI Assistant Lifestyle application (com.transsion.aiassistantlifestyle) all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted web_action_data URL parameter.
Title GeniexWebView XSS in com.transsion.aiassistantlifestyle
Weaknesses CWE-79
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: TECNOMobile

Published:

Updated: 2026-06-02T01:56:42.448Z

Reserved: 2026-06-01T03:45:49.551Z

Link: CVE-2026-10510

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-02T03:16:15.933

Modified: 2026-06-02T03:16:15.933

Link: CVE-2026-10510

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T03:30:26Z

Weaknesses