Lucene search

[email protected]CVE-2016-4575

HistoryMay 25, 2016 - 3:59 p.m.

CVE-2016-4575

2016-05-2515:59:00

CWE-79

[email protected]

web.nvd.nist.gov

huawei

smartphones

vulnerability

cross-site scripting

xss

security

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

48.0%

JSON

Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message.

CPENameOperatorVersion
huawei:ath_firmwarehuawei ath firmwareeqal00c00
huawei:ath_firmwarehuawei ath firmwareeqcl00c92
huawei:ath_firmwarehuawei ath firmwareeqtl00hc01
huawei:ath_firmwarehuawei ath firmwareequl00c00
huawei:athhuawei atheq-
huawei:rio_firmwarehuawei rio firmwareeqal00c00
huawei:plk_firmwarehuawei plk firmwareeqal10c00
huawei:plk_firmwarehuawei plk firmwareeqal10c92
huawei:cherryplus_firmwarehuawei cherryplus firmwareeqtl00c00
huawei:cherryplus_firmwarehuawei cherryplus firmwareeqtl00mc01

CPE	Name	Operator	Version
huawei:ath_firmware	huawei ath firmware	eq	al00c00
huawei:ath_firmware	huawei ath firmware	eq	cl00c92
huawei:ath_firmware	huawei ath firmware	eq	tl00hc01
huawei:ath_firmware	huawei ath firmware	eq	ul00c00
huawei:ath	huawei ath	eq	-
huawei:rio_firmware	huawei rio firmware	eq	al00c00
huawei:plk_firmware	huawei plk firmware	eq	al10c00
huawei:plk_firmware	huawei plk firmware	eq	al10c92
huawei:cherryplus_firmware	huawei cherryplus firmware	eq	tl00c00
huawei:cherryplus_firmware	huawei cherryplus firmware	eq	tl00mc01

Rows per page:

1-10 of 121

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20160507-01-emailapp-en

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

48.0%

JSON

Related for CVE-2016-4575

huawei1 cvelist1 prion1