CVE-2023-26324

CVE-2023-26324 affects XiaomiGetApps; the flaw is a bypass of the verification logic that allows code execution. PT-2024-12097 details exploit steps via WebView: open a URL, inject JavaScript, use vulnerable GetApps JavaScript Interface to install and launch a payload, potentially obtaining a she...

CVE-2023-26322

CVE-2023-26322 corresponds to a code-execution vulnerability in the XiaomiGetApps application. Multiple connected documents reveal that the root cause is bypassed verification logic, enabling remote code execution. Reported impact is high/critical, with potential for attacker-controlled code exec...