**Summary:** XSS via start ContentActivity using 'html' parameter. **Description (Include Impact):** Arbitrary applications on Android can run the exported activities ContentActivity, ModalContentActivity and ActionBarContentActivity. Using intent extra parameter `html` we can pass javascript, whi…