Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS.
[
{
"product": "eSpace IAD V300R001C03, V300R001C04, V300R001C06, V300R001C20 and V300R001C07",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "eSpace IAD V300R001C03, V300R001C04, V300R001C06, V300R001C20 and V300R001C07"
}
]
}
]