Cross site scripting

2017-04-0220:59:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

32.9%

JSON

Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS.

CPENameOperatorVersion
espace_integrated_access_device_firmwareeq300r1c3-v
espace_integrated_access_device_firmwareeq300r1c4-v
espace_integrated_access_device_firmwareeq300r1c6-v
espace_integrated_access_device_firmwareeq300r1c7-v
espace_integrated_access_device_firmwareeq300r1c20-v

Name	Operator	Version
espace_integrated_access_device_firmware	eq	300r1c3-v
espace_integrated_access_device_firmware	eq	300r1c4-v
espace_integrated_access_device_firmware	eq	300r1c6-v
espace_integrated_access_device_firmware	eq	300r1c7-v
espace_integrated_access_device_firmware	eq	300r1c20-v