{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T13:14:28.413","vulnerabilities":[{"cve":{"id":"CVE-2020-9530","sourceIdentifier":"cve@mitre.org","published":"2020-03-06T17:15:12.493","lastModified":"2024-11-21T05:40:48.940","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetApps(com.xiaomi.mipicks) mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the WebView component of Messaging(com.android.MMS) and loading malicious web pages, information leakage can occur. This is fixed on version: 2001122; 11.0.1.54."},{"lang":"es","value":"Se ha detectado un problema en los dispositivos Xiaomi MIUI versión V11.0.5.0.QFAEUXM. El componente export de GetApps(com.xiaomi.mipicks) maneja inapropiadamente la funcionalidad de abrir otros componentes. Los atacantes necesitan inducir a usuarios a abrir páginas web específicas en un entorno de red específico. Al saltar al componente WebView de Messaging(com.android.MMS) y cargando páginas web maliciosas, puede ocurrir un filtrado de información. Esto es corregido en la versión: 2001122; 11.0.1.54."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:mi:miui_firmware:11.0.5.0.qfaeuxm:*:*:*:*:*:*:*","matchCriteriaId":"63CFF65D-314B-4414-ADAC-72B10C9E3741"}]}]}],"references":[{"url":"https://sec.xiaomi.com/post/180","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-289/","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://sec.xiaomi.com/post/180","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-289/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}}]}