4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.7%
Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote attackers to inject arbitrary web script or HTML via the command XML element in the req parameter to flexdata.action in (1) common/, (2) monitor/, or (3) psnpm/ or the (4) module XML element in the req parameter to flexdata.action in monitor/.
CPE | Name | Operator | Version |
---|---|---|---|
huawei:seq_analyst | huawei seq analyst | le | v200r002c03lg0001spc100 |
packetstormsecurity.com/files/131460/Huawei-SEQ-Analyst-Cross-Site-Scripting.html
seclists.org/fulldisclosure/2015/Apr/43
www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-424267.htm
drive.google.com/folderview?id=0B-LWHbwdK3P9fnBlLWZqWlZqNnB0b2xHWFpYUWt3bmY3Y0lPUHVLNm9VTUlFcWhYTHlZSUU&usp=sharing