Nexus Threats SYSTEM App XSS Vulnerability Summary Vulnerability Overview A cross-site scripting (XSS) vulnerability exists in the Nexus Threats SYSTEM App on Android versions up to 7.2.1, via WebView/Nexus SYSTEM Build/Config/Settings. This vulnerability allows attackers to execute arbitrary JavaScript code in the victim's browser by crafting malicious links. Affected Scope Affected Product: Nexus Threats SYSTEM App Affected Versions: Up to and including 7.2.1 Affected Platform: Android Specific Components: WebView, Nexus SYSTEM Build, Config, Settings Remediation No specific patch version or official fix is provided in the page. Users are advised to upgrade the application to the latest version or avoid accessing untrusted links. POC / Exploitation Code A test URL is provided to trigger the vulnerability, serving as a proof of concept (POC):