AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2019-14761: An issue was discovered in KaiOS 2.5. The pre-installed Note application is vulnerable to HTML and JavaScript injection

mediumvulnerability

security

Source: NVD/CVE DatabaseSeptember 14, 2020CVE-2019-14761

Summary

The Note app pre-installed on KaiOS 2.5 is vulnerable to HTML and JavaScript injection (a type of attack where malicious code is inserted into an application). A local attacker (someone with access to the device) can inject harmful code into the Note app to take over its interface, trick users into giving up login credentials, or exploit any permissions the app has.

Vulnerability Details

CVSS Score

4.4(medium)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-79

CAPEC (Attack Pattern)

CAPEC-198 CAPEC-86

Original source: https://nvd.nist.gov/vuln/detail/CVE-2019-14761

First tracked: February 15, 2026 at 08:52 PM

Classified by LLM (prompt v3) · confidence: 95%