CVE-2016-8789

Опубликовано: 02 апр. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS.

Ссылки

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-espace-en
Vendor Advisory
http://www.securityfocus.com/bid/94613
Third Party Advisory
VDB Entry
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-espace-en
Vendor Advisory
http://www.securityfocus.com/bid/94613
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:huawei:espace_integrated_access_device_firmware:v300r001c03:*:*:*:*:*:*:*

cpe:2.3:o:huawei:espace_integrated_access_device_firmware:v300r001c04:*:*:*:*:*:*:*

cpe:2.3:o:huawei:espace_integrated_access_device_firmware:v300r001c06:*:*:*:*:*:*:*

cpe:2.3:o:huawei:espace_integrated_access_device_firmware:v300r001c07:*:*:*:*:*:*:*

cpe:2.3:o:huawei:espace_integrated_access_device_firmware:v300r001c20:*:*:*:*:*:*:*

cpe:2.3:h:huawei:espace_integrated_access_device:-:*:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.00109

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-mvvc-3v8g-5x86