Описание
A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.12.0.0.25 (включая)
cpe:2.3:a:mi:xiaomi_cloud:*:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00368
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 2 лет назад
A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies.
EPSS
Процентиль: 58%
0.00368
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79