Описание
A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the "q" query parameter. The portion of an https URL before the ?q= substring is not shown to the user.
Ссылки
- Third Party AdvisoryVDB Entry
- Permissions RequiredVendor Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
- Permissions RequiredVendor Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:mi:mi_browser:10.5.6-g:*:*:*:*:*:*:*
cpe:2.3:a:mi:mint_browser:1.5.3:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00712
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-290
Связанные уязвимости
CVSS3: 6.5
github
почти 4 года назад
A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the "q" query parameter. The portion of an https URL before the ?q= substring is not shown to the user.
EPSS
Процентиль: 72%
0.00712
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-290