CVE-2019-14757: An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScr
medium vulnerability
security
Summary
The pre-installed Contacts app in KaiOS 2.5 and 2.5.1 is vulnerable to HTML and JavaScript injection (inserting malicious code into a web application): an attacker can send a specially crafted vCard file (a contact format) that, when imported, executes the attacker's code within the app. This lets attackers manipulate what users see, steal credentials by displaying fake login prompts, or exploit the app's permissions to access sensitive device features.
Vulnerability Details
CVSS Score
6.1 (medium)
EPSS (30-day exploit probability)
EPSS: 0.2%
Classification
Attack Sophistication: Trivial
Original source: https://nvd.nist.gov/vuln/detail/CVE-2019-14757
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 95%