CVE-2026-10510 PUBLISHED

GeniexWebView XSS in com.transsion.aiassistantlifestyle

Assigner: TECNOMobile
Reserved: 01.06.2026 Published: 02.06.2026 Updated: 02.06.2026

Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI Assistant Lifestyle application (com.transsion.aiassistantlifestyle) all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted web_action_data URL parameter.

Product Status

Vendor	TECNO Mobile
Product	com.transsion.aiassistantlifestyle
Versions	Default: unaffected Version v1.3.0.002 is affected

References

https://security.tecno.com/SRC/securityUpdates

Problem Types

CWE-79 Improper neutralization of input during web page generation ('cross-site scripting') CWE

Impacts

CAPEC-63 Cross-Site Scripting (XSS)