๐Ÿ” CVE Alert

CVE-2026-13461

CRITICAL 9.6

PayRange version 7.0.7 contains a JavaScript injection vulnerability

CVSS Score
9.6
EPSS Score
0.2%
EPSS Percentile
10th

When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device.

Vendor payrange
Product payrange
Published Jul 9, 2026
Last Updated Jul 10, 2026
Stay Ahead of the Next One

Get instant alerts for payrange payrange

Be the first to know when new critical vulnerabilities affecting payrange payrange are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

PayRange / PayRange
7.0.7

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
cwe.mitre.org: https://cwe.mitre.org/data/definitions/94.html kb.cert.org: https://kb.cert.org/vuls/id/152953