CVE-2020-9092

HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module.

Published: Oct 19, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-9092
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.6
AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
huawei / mate_20_firmware	-	10.1.0.163\(c00e160r3p8\)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-smartphone-en

Vulnerability Database

289,697

CVE-2020-9092