CVE-2021-22331

CWE-743 documents3 sources
Severity
7.5HIGH
EPSS
0.2%
top 57.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei P30 Firmware
Timeline
PublishedApr 28
Latest updateMay 24

Description

There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDhuawei/p30_firmware< 10.1.0.165\(c01e165r2p11\)+8
CVEListV5huawei_p30Versions earlier than 10.1.0.165(C01E165R2P11),Versions earlier than 11.0.0.118(C635E2R1P3),Versions earlier than 11.0.0.120(C00E120R2P5),Versions earlier than 11.0.0.138(C10E4R5P3),Versions earlier than 11.0.0.138(C185E4R7P3),Versions earlier than 11.0.0.138(C432E8R2P3),Versions earlier than 11.0.0.138(C461E4R3P3),Versions earlier than 11.0.0.138(C605E4R1P3),Versions earlier than 11.0.0.138(C636E4R3P3)

🔴Vulnerability Details

2
GHSA
GHSA-52g2-g3r2-x33c: There is a JavaScript injection vulnerability in certain Huawei smartphones2022-05-24
CVEList
CVE-2021-22331: There is a JavaScript injection vulnerability in certain Huawei smartphones2021-04-28
CVE-2021-22331 (HIGH CVSS 7.5) | There is a JavaScript injection vul | cvebase.io