The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations.
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130866