AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2019-14756: An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-installed Email application is vulnerable to HTML and J

mediumvulnerability

security

Source: NVD/CVE DatabaseSeptember 14, 2020CVE-2019-14756

Summary

KaiOS versions 1.0, 2.5, and 2.5.12.5 have a vulnerability in their pre-installed Email app that allows HTML and JavaScript injection (inserting malicious code into a webpage or application). An attacker can send a specially crafted email that injects harmful code into the email app's interface when opened, potentially letting them trick users into revealing passwords or access the app's permissions.

Vulnerability Details

CVSS Score

6.1(medium)

EPSS (30-day exploit probability)

EPSS: 0.2%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-79

CAPEC (Attack Pattern)

CAPEC-198 CAPEC-86

Original source: https://nvd.nist.gov/vuln/detail/CVE-2019-14756

First tracked: February 15, 2026 at 08:52 PM

Classified by LLM (prompt v3) · confidence: 95%