Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access permission. Successful exploit could lead to resource occupation or information leak.

Related CVEs

CVE-2017-8153

Key Information

GHSA ID

GHSA-87mh-7m9m-w48p

Published

May 17, 2022 12:16 AM

Last Modified

May 17, 2022 12:16 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 3, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.