CVE-2026-13461
PayRange version 7.0.7 contains a JavaScript injection vulnerability
CVSS Score
9.6
EPSS Score
0.2%
EPSS Percentile
10th
When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device.
| Vendor | payrange |
| Product | payrange |
| Published | Jul 9, 2026 |
| Last Updated | Jul 10, 2026 |
Stay Ahead of the Next One
Get instant alerts for payrange payrange
Be the first to know when new critical vulnerabilities affecting payrange payrange are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
PayRange / PayRange
7.0.7