exploitDog

GHSA-68qx-rgww-4mx9

Опубликовано: 02 авг. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies.

A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies.

Ссылки

EPSS

Процентиль: 58%

0.00368

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-26316

CVSS3: 6.1

nvd

больше 2 лет назад

A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies.

EPSS

Процентиль: 58%

0.00368

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79