Huawei SEQ Analyst Cross Site Scripting

Published: 16 Apr 2015 00:00:00
Reported by: Ugur Cihan KOC
Type: packetstorm
Source: packetstormsecurity.com

Huawei SEQ Analyst - Reflected Cross Site Scripting (XSS) Vulnerability, CVE-2015-2347, Fixed version V200R002C03LG0001CP002

Related

- CNVD: Huawei SEQ Analyst suffers from multiple cross-site scripting vulnerabilities (11 May 2015 00:00)
- CVE: CVE-2015-2347 (8 May 2015 14:00)
- Cvelist: CVE-2015-2347 (8 May 2015 14:00)
- EUVD: EUVD-2015-2440 (7 Oct 2025 00:30)
- NVD: CVE-2015-2347 (8 May 2015 14:59)
- Prion: Cross site scripting (8 May 2015 14:59)

`#Document Title:  
============  
Huawei SEQ Analyst - Multiple Reflected Cross Site Scripting (XSS)  
  
#Release Date:  
===========  
15 Apr 2015  
  
#CVE-ID:  
=======  
CVE-2015-2347  
  
#Product & Service Introduction:  
=======================  
SEQ Analyst is a platform for business quality monitoring and management by  
individual users and multiple vendors in a quasi-realtime and retraceable  
manner.  
More details and manual:  
http://download.huawei.com/download/filedownload.do?modelID=bulletin&refID=IN0000056669,101  
  
#Vulnerability Disclosure Timeline:  
========================  
3 Mar 2015 Bug reported to the vendor.  
6 Mar 2015 Vendor responded; investigating.  
16 Mar 2015 Asked about the case.  
16 Mar 2015 Vendor has validated the issue.  
17 Mar 2015 No fix available for the issue.  
18 Mar 2015 CVE number assigned  
15 Apr 2015 Fixed  
  
#Affected Product(s):  
===============  
Huawei Technologies Co. Ltd.  
Product: Huawei SEQ Analyst V200R002C03LG0001SPC100 (other versions may be  
vulnerable)  
  
#Exploitation Technique:  
=================  
Local, Authenticated  
  
#Technical Details:  
========================  
Sample Payload : 261e9<script>alert(1)</script>57114  
Affected Path/Parameter: [4 parameters]  
/common/flexdata.action  
    [command XML parameter]  
/monitor/flexdata.action  
    [command XML parameter]  
    [module XML parameter]  
/psnpm/flexdata.action  
    [command XML parameter]  
  
#Proof of Concept (PoC):  
==================  
https://drive.google.com/folderview?id=0B-LWHbwdK3P9fnBlLWZqWlZqNnB0b2xHWFpYUWt3bmY3Y0lPUHVLNm9VTUlFcWhYTHlZSUU&usp=sharing  
  
#Solution Fix & Patch:  
================  
15 Apr 2015 Fixed version --> SEQ Analyst V200R002C03LG0001CP0022  
  
#Credits & Authors:  
==============  
Ugur Cihan Koc  
@_uceka_  
www.uceka.com  
  
  
`
