PT-2021-9699 · Xiaomi · Xiaomi Community App

Published

2021-09-16

Updated

2021-09-27

CVE-2020-14130

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Xiaomi community app versions prior to 3.0.210809

Description The issue concerns exposed JavaScript interfaces in the Xiaomi community, allowing sensitive functions to be maliciously called within the Xiaomi community app.

Recommendations For versions prior to 3.0.210809, update to a version 3.0.210809 or later to resolve the issue.

Fix

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-668

Related Identifiers

CVE-2020-14130

Affected Products

Xiaomi Community App

PT-2021-9699 · Xiaomi · Xiaomi Community App

CVE-2020-14130

Weakness Enumeration

Related Identifiers

Affected Products

References · 4