- Description
- There is a XSS injection vulnerability in iMaster NCE-Fabric V100R019C10. A module of the client does not verify the input sufficiently. Attackers can exploit this vulnerability by modifying input after logging onto the client. This may compromise the normal service of the client.
- Source
- psirt@huawei.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:P/A:N
- nvd@nist.gov
- CWE-79
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:imaster_nce-fabric_firmware:v100r019c10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB199AC9-7CD6-49E5-A4B6-13C3C30CE21D"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:imaster_nce-fabric:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "4416B2A6-6C41-48C2-8194-377D726DA674"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]