CVE-2021-22331
HIGHHUAWEI P30 Firmware < 10.1.0.165(C01E165R2P11) - JavaScript Injection via Malicious Application Request
Title source: llmDescription
There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3), and 11.0.0.138(C636E4R3P3).
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-js-en
Scores
CVSS v3
7.5
EPSS
0.0021
EPSS Percentile
42.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-74
Status
published
Products (1)
huawei/p30_firmware
< 10.1.0.165\(c01e165r2p11\)
Published
Apr 28, 2021
Tracked Since
Feb 18, 2026