A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Xiaomi
Published: 2023-08-02T00:00:00
Updated: 2024-08-02T11:46:24.361Z
Reserved: 2023-02-22T00:00:00
Link: CVE-2023-26316
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-08-02T14:15:10.343
Modified: 2023-08-07T18:01:47.890
Link: CVE-2023-26316
Redhat
No data.