AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2019-14760: An issue was discovered in KaiOS 2.5. The pre-installed Recorder application is vulnerable to HTML and JavaScript inject

mediumvulnerability

security

Source: NVD/CVE DatabaseSeptember 14, 2020CVE-2019-14760

Summary

KaiOS 2.5's pre-installed Recorder app has a vulnerability allowing HTML and JavaScript injection (inserting malicious code into a web application), where a local attacker (someone with access to the device) can inject harmful code to take over the app's interface or trick users into revealing credentials.

Vulnerability Details

CVSS Score

4.4(medium)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-79

CAPEC (Attack Pattern)

CAPEC-198 CAPEC-86

Original source: https://nvd.nist.gov/vuln/detail/CVE-2019-14760

First tracked: February 15, 2026 at 08:52 PM

Classified by LLM (prompt v3) · confidence: 95%