exploitDog

CVE-2021-22410

Опубликовано: 23 нояб. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

There is a XSS injection vulnerability in iMaster NCE-Fabric V100R019C10. A module of the client does not verify the input sufficiently. Attackers can exploit this vulnerability by modifying input after logging onto the client. This may compromise the normal service of the client.

Ссылки

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210324-01-xss-en
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210324-01-xss-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:huawei:imaster_nce-fabric_firmware:v100r019c10:*:*:*:*:*:*:*

cpe:2.3:h:huawei:imaster_nce-fabric:-:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00141

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-39qf-v5qg-hwqf

github

больше 3 лет назад

There is a XSS injection vulnerability in iMaster NCE-Fabric V100R019C10. A module of the client does not verify the input sufficiently. Attackers can exploit this vulnerability by modifying input after logging onto the client. This may compromise the normal service of the client.

EPSS

Процентиль: 35%

0.00141

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79