4 matches found
CVE-2019-13321
CVE-2019-13321 affects Xiaomi Browser prior to 10.4.0. The flaw is in the Captive Portal handling of HTTP responses; a crafted HTML response can cause the Captive Portal to open a browser to a specified location, enabling code execution in the context of the current process when combined with oth...
CVE-2019-13322
CVE-2019-13322 affects Xiaomi Browser (prior to 10.4.0). The flaw is in the miui.share handling, where lack of validation of user-supplied data can lead to downloading and executing an arbitrary application in the context of the user. Exploitation requires user interaction (visiting a malicious p...
CVE-2019-10875
CVE-2019-10875 is a URL-spoofing vulnerability in Xiaomi Mi Browser (international) 10.5.6-g and Mint Browser 1.5.3 caused by how the q parameter is handled: the portion of the https URL before ?q= is not displayed, enabling spoofing of the address bar. Several public sources document a PoC and p...
CVE-2020-14116
CVE-2020-14116 affects Xiaomi Mi Browser. The issue is an open redirection vulnerability caused by Mi Browser not validating incoming data, enabling attackers to trigger sensitive operations. Related sources indicate vulnerability exists prior to version 15.8; remediation guidance suggests updati...