{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-10510", "assignerOrgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", "state": "PUBLISHED", "assignerShortName": "TECNOMobile", "dateReserved": "2026-06-01T03:45:49.551Z", "datePublished": "2026-06-02T01:56:42.448Z", "dateUpdated": "2026-06-02T01:56:42.448Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", "shortName": "TECNOMobile", "dateUpdated": "2026-06-02T01:56:42.448Z"}, "title": "GeniexWebView XSS in com.transsion.aiassistantlifestyle", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "affected": [{"vendor": "TECNO Mobile", "product": "com.transsion.aiassistantlifestyle", "versions": [{"status": "affected", "version": "v1.3.0.002"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI Assistant Lifestyle application (com.transsion.aiassistantlifestyle) all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted web_action_data URL parameter.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI Assistant Lifestyle application (com.transsion.aiassistantlifestyle) all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted web_action_data URL parameter."}]}], "references": [{"url": "https://security.tecno.com/SRC/securityUpdates"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI Assistant Lifestyle application (com.transsion.aiassistantlifestyle) all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted web_action_data URL parameter."}], "id": "CVE-2026-10510", "lastModified": "2026-06-02T03:16:15.933", "metrics": {}, "published": "2026-06-02T03:16:15.933", "references": [{"source": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", "url": "https://security.tecno.com/SRC/securityUpdates"}], "sourceIdentifier": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", "type": "Secondary"}]}

{}

{"created": "2026-06-02T03:30:26.147050+00:00", "updated": "2026-06-02T03:30:26.147062+00:00", "vendors": []}