CVEs-PoC/2019/CVE-2019-10875.md at 2ef066380cb36dba2e454190ca2349fcff6ca2df

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-25 00:14:09 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the "q" query parameter. The portion of an https URL before the ?q= substring is not shown to the user.

POC

Reference

http://packetstormsecurity.com/files/152497/Xiaomi-Mi-Browser-Mint-Browser-URL-Spoofing.html
https://thehackernews.com/2019/04/xiaomi-browser-vulnerability.html
https://www.andmp.com/2019/04/xiaomi-url-spoofing-w-ssl-vulnerability.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/RenwaX23/Address_Bar_Spoofing
https://github.com/alphaSeclab/sec-daily-2019

1.0 KiB Raw Blame History

CVE-2019-10875

Description

POC

Reference

Github

1.0 KiB

Raw Blame History