A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies.
References
Link | Resource |
---|---|
https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=322 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Xiaomi
Published: 2023-08-02T00:00:00
Updated: 2023-08-02T00:00:00
Reserved: 2023-02-22T00:00:00
Link: CVE-2023-26316
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-08-02T14:15:10.343
Modified: 2023-08-07T18:01:47.890
Link: CVE-2023-26316
JSON object: View
Redhat Information
No data.
CWE