CVE-2020-9092
MEDIUMHUAWEI Mate 20 < 10.1.0.163(C00E160R3P8) - JavaScript Injection via Input Filter Bypass
Title source: llmDescription
HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-smartphone-en
Scores
CVSS v3
4.6
EPSS
0.0006
EPSS Percentile
18.8%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-79
Status
published
Products (1)
huawei/mate_20_firmware
< 10.1.0.163\(c00e160r3p8\)
Published
Oct 19, 2020
Tracked Since
Feb 18, 2026