CVE-2020-9092

CWE-79Cross-site Scripting (XSS)CWE-743 documents3 sources
Severity
4.6MEDIUM
EPSS
0.1%
top 81.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei Mate 20 Firmware
Timeline
PublishedOct 19
Latest updateMay 24

Description

HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages2 packages

NVDhuawei/mate_20_firmware< 10.1.0.163\(c00e160r3p8\)
CVEListV5huawei_mate_20Versions earlier than 10.1.0.163(C00E160R3P8)

🔴Vulnerability Details

2
GHSA
GHSA-2f67-h8ph-9pgr: HUAWEI Mate 20 versions earlier than 102022-05-24
CVEList
CVE-2020-9092: HUAWEI Mate 20 versions earlier than 102020-10-19
CVE-2020-9092 (MEDIUM CVSS 4.6) | HUAWEI Mate 20 versions earlier tha | cvebase.io