The Cross-Application Scripting vulnerability is a kind of Android application vulnerability in which the attacker can bypass the same-origin policy and access the sensitive files stored on the Android filesystem in the application's location. This means that the attacker will be able to access all the content located in the /data/data/[application package name] location. The underlying cause of the vulnerability is that the application allows content to be executed in an untrusted zone with privileges to access trusted zones as well.
The attack becomes even more severe if the vulnerable application is a web browser, in which case the attacker will be able to silently steal all the cookies and other information stored by the browser and send them to a location the attacker controls.
Even some well-known applications, such as Skype, Dropbox, Dolphin Browser, and so on, were vulnerable to Cross-Application Scripting in their earlier versions.
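The following is an added example, not code from the original text or from any of the applications named above: it shows one way to keep externally supplied content out of the application's trusted local zone. It assumes the affected component is an exported activity that renders a URL taken from an incoming intent in a WebView; the class name HardenedViewerActivity and the helper isLoadable are hypothetical.

```java
import android.app.Activity;
import android.content.Intent;
import android.net.Uri;
import android.os.Bundle;
import android.webkit.WebSettings;
import android.webkit.WebView;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Hypothetical activity; assumes it is exported and renders a URL taken from the
// incoming intent, so the URL is input controlled by other applications.
public class HardenedViewerActivity extends Activity {
    // Only network schemes are accepted from other apps. file:// and content://
    // would let external input be rendered inside the app's own local zone.
    private static final Set<String> ALLOWED_SCHEMES =
            new HashSet<>(Arrays.asList("http", "https"));

    static boolean isLoadable(Uri uri) {
        if (uri == null || uri.getScheme() == null) {
            return false;
        }
        return ALLOWED_SCHEMES.contains(uri.getScheme().toLowerCase(Locale.ROOT));
    }

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        WebView webView = new WebView(this);
        WebSettings settings = webView.getSettings();
        // Keep the renderer away from /data/data/<package>/ and other local files.
        settings.setAllowFileAccess(false);
        settings.setAllowContentAccess(false);
        // Set explicitly: these default to true for apps targeting API 15 and below.
        settings.setAllowFileAccessFromFileURLs(false);
        settings.setAllowUniversalAccessFromFileURLs(false);
        settings.setJavaScriptEnabled(false); // enable only if the feature needs it

        Intent intent = getIntent();
        Uri target = intent != null ? intent.getData() : null;
        if (!isLoadable(target)) {
            finish(); // refuse anything that is not plain web content
            return;
        }
        setContentView(webView);
        webView.loadUrl(target.toString());
    }
}
```

The scheme check and the WebView settings are independent layers: the first rejects local URIs before they reach the renderer, the second limits what a local page could read if one were loaded anyway.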
Let's take the vulnerability in Dolphin...