Security Advisory - XSS Vulnerability in the Email App of Huawei Smartphone

2016-05-0700:00:00

Huawei Technologies

www.huawei.com

0.001 Low

EPSS

Percentile

48.1%

JSON

There is a vulnerability due to the lack of output encoding for some particular characters in the email APP built in the affected Smart Phones. A successful exploitation of the vulnerability could allow an unauthenticated remote attacker to perform a cross-site scripting (XSS) attack and lead to obtain the user information. (Vulnerability ID: HWPSIRT-2016-03030)

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-4575.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160507-01-emailapp-en

CPENameOperatorVersion
plkltPLK-AL10C00B211
plkltPLK-AL10C92B211
athltATH-AL00C00B361
athltATH-CL00C92B361
athltATH-TL00HC01B361
athltATH-UL00C00B361
cherryplusltCherryPlus-TL00C00B553
cherryplusltCherryPlus-UL00C00B553
cherryplusltCherryPlus-TL00MC01B553
rioltRIO-AL00C00B360

Name	Operator	Version
plk	lt	PLK-AL10C00B211
plk	lt	PLK-AL10C92B211
ath	lt	ATH-AL00C00B361
ath	lt	ATH-CL00C92B361
ath	lt	ATH-TL00HC01B361
ath	lt	ATH-UL00C00B361
cherryplus	lt	CherryPlus-TL00C00B553
cherryplus	lt	CherryPlus-UL00C00B553
cherryplus	lt	CherryPlus-TL00MC01B553
rio	lt	RIO-AL00C00B360

0.001 Low

EPSS

Percentile

48.1%

JSON

Related for HUAWEI-SA-20160507-01-EMAILAPP