How severe is CVE-2020-9530?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2020-9530?

This is classified as CWE-94, which is a common weakness in software security.

CVE-2020-9530 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetApps(com.xiaomi.mipicks) mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the WebView component of Messaging(com.android.MMS) and loading malicious web pages, information leakage can occur. This is fixed on version: 2001122; 11.0.1.54.

Related Vulnerabilities

CVE-2016-1413

MEDIUM

CVSS:6.5(Medium)

The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517.

CWE-942016

CVE-2016-7968

MEDIUM

CVSS:6.5(Medium)

KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.

CWE-942016

CVE-2018-18836

MEDIUM

CVSS:6.5(Medium)

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.

CWE-942018

CVE-2019-3665

MEDIUM

CVSS:6.5(Medium)

Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to render a website which Web Advisor would n...

CWE-942019

CVE-2020-8194

MEDIUM

CVSS:6.5(Medium)

Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10....

CWE-942020

CVE-2020-8274

MEDIUM

CVSS:6.5(Medium)

Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. Note tha...

CWE-942020