CVE-2016-4575
Published May 25, 2016
Last updated 8 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ath_firmware:al00c00:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6DB67AC-8BD0-457A-B810-B6509721D32F"
},
{
"criteria": "cpe:2.3:o:huawei:ath_firmware:cl00c92:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C38376A3-4432-4E98-B141-B225102E2004"
},
{
"criteria": "cpe:2.3:o:huawei:ath_firmware:tl00hc01:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82A32ECC-6190-4297-B5CB-BD379DFCA808"
},
{
"criteria": "cpe:2.3:o:huawei:ath_firmware:ul00c00:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E53EA8C-68BF-4D2D-BE64-8406AE423F32"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ath:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93508441-3835-4E42-9EE4-81BE855CF791"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rio_firmware:al00c00:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "95EC8710-A960-4504-97F9-8FCD679702FE"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rio:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "824B416C-537A-4525-A611-2261D1B6DA9D"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:plk_firmware:al10c00:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F9ABF6E1-F898-47E2-8C8B-E85FAE42941C"
},
{
"criteria": "cpe:2.3:o:huawei:plk_firmware:al10c92:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DBAEDA23-61F6-4240-AA6A-E17C734AAD83"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:plk:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "6141EDCE-1950-48F3-8187-BE4FAFF274E2"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:cherryplus_firmware:tl00c00:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FE07476A-AEA1-420D-B4C4-A120B9EBEA8B"
},
{
"criteria": "cpe:2.3:o:huawei:cherryplus_firmware:tl00mc01:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4AF28C8B-E9CD-436B-AFFE-06CF891EA621"
},
{
"criteria": "cpe:2.3:o:huawei:cherryplus_firmware:ul00c00:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "96C14166-EF1E-4034-B8AB-79F750BF1EB5"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:cherryplus:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "47C656C5-9B4F-4F6F-9F3C-6B6BC38035BF"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]